7.5

CVE-2020-1888

EPSS 0.61%
Published 03.03.2020 15:15:11
Last modified 21.11.2024 05:11:33
Source cve-assign@fb.com
Teams watchlist Login
Open Login

Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Facebook ≫ Hhvm Version < 4.8.7

Facebook ≫ Hhvm Version >= 4.9.0 <= 4.32.0

Facebook ≫ Hhvm Version >= 4.33.0 <= 4.38.0

Facebook ≫ Hhvm Version4.39.0

Facebook ≫ Hhvm Version4.40.0

Facebook ≫ Hhvm Version4.41.0

Facebook ≫ Hhvm Version4.42.0

Facebook ≫ Hhvm Version4.43.0

Facebook ≫ Hhvm Version4.44.0

Facebook ≫ Hhvm Version4.45.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.61%	0.689

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13

Patch

https://hhvm.com/blog/2020/02/20/security-update.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1888

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1888

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1888

EUVD