CVE-2020-1916
N/A
N/A
Summary
An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HHVM | 4.83.1 < unspecified | unaffected | |
| HHVM | 4.83.0 | affected | |
| HHVM | 4.82.1 < unspecified | unaffected | |
| HHVM | 4.82.0 | affected | |
| HHVM | 4.81.1 < unspecified | unaffected | |
| HHVM | 4.81.0 | affected | |
| HHVM | 4.80.1 < unspecified | unaffected | |
| HHVM | 4.80.0 | affected | |
| HHVM | 4.79.1 < unspecified | unaffected | |
| HHVM | 4.79.0 | affected | |
| HHVM | 4.78.1 < unspecified | unaffected | |
| HHVM | 4.57.0 < unspecified | affected | |
| HHVM | 4.56.2 < unspecified | unaffected | |
| HHVM | unspecified < 4.56.2 | affected |
Weaknesses
- CWE-122: Heap-based Buffer Overflow (CWE-122)
ADP Enrichment
CVE Program Container
Additional References
- https://hhvm.com/blog/2020/11/12/security-update.html
- https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4
References
- https://hhvm.com/blog/2020/11/12/security-update.html
- https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.