7.5

CVE-2020-1888

Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FacebookHhvm Version < 4.8.7
FacebookHhvm Version >= 4.9.0 <= 4.32.0
FacebookHhvm Version >= 4.33.0 <= 4.38.0
FacebookHhvm Version4.39.0
FacebookHhvm Version4.40.0
FacebookHhvm Version4.41.0
FacebookHhvm Version4.42.0
FacebookHhvm Version4.43.0
FacebookHhvm Version4.44.0
FacebookHhvm Version4.45.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.15% 0.626
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13
Patch
https://hhvm.com/blog/2020/02/20/security-update.html
Vendor Advisory