CVE-2021-24036

Summary

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.

Affected Software

VendorProductVersion RangeStatus
Facebookfollyv2021.07.22.00 < unspecifiedunaffected
Facebookfollyunspecified < v2021.07.22.00affected
FacebookHHVM4.118.2 < unspecifiedunaffected
FacebookHHVM4.118.0 < unspecifiedaffected
FacebookHHVM4.117.1 < unspecifiedunaffected
FacebookHHVM4.117.0affected
FacebookHHVM4.116.1 < unspecifiedunaffected
FacebookHHVM4.116.0affected
FacebookHHVM4.115.1 < unspecifiedunaffected
FacebookHHVM4.115.0affected
FacebookHHVM4.114.1 < unspecifiedunaffected
FacebookHHVM4.114.0affected
FacebookHHVM4.113.1 < unspecifiedunaffected
FacebookHHVM4.113.0affected
FacebookHHVM4.102.2 < unspecifiedunaffected
FacebookHHVM4.102.0 < unspecifiedaffected
FacebookHHVM4.81.0 < unspecifiedaffected
FacebookHHVM4.80.5 < unspecifiedunaffected
FacebookHHVMunspecified < 4.80.5affected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow (CWE-122)

ADP Enrichment

CVE Program Container

Additional References

References