CVE-2020-1892
N/A
N/A
Summary
Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HHVM | 4.45.1 | affected | |
| HHVM | 4.45.0 | affected | |
| HHVM | 4.44.1 | affected | |
| HHVM | 4.44.0 | affected | |
| HHVM | 4.43.1 | affected | |
| HHVM | 4.43.0 | affected | |
| HHVM | 4.42.1 | affected | |
| HHVM | 4.42.0 | affected | |
| HHVM | 4.41.1 | affected | |
| HHVM | 4.41.0 | affected | |
| HHVM | 4.40.1 | affected | |
| HHVM | 4.40.0 | affected | |
| HHVM | 4.39.1 | affected | |
| HHVM | 4.39.0 | affected | |
| HHVM | 4.38.1 | affected | |
| HHVM | 4.33.0 < unspecified | affected | |
| HHVM | 4.32.1 | affected | |
| HHVM | 4.9.0 < unspecified | affected | |
| HHVM | 4.8.7 | affected | |
| HHVM | unspecified <= 4.8.6 | affected |
Weaknesses
- CWE-125: Out-of-bounds Read (CWE-125)
ADP Enrichment
CVE Program Container
Additional References
- https://hhvm.com/blog/2020/02/20/security-update.html
- https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d
References
- https://hhvm.com/blog/2020/02/20/security-update.html
- https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.