8.1

CVE-2020-1892

Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FacebookHhvm Version < 4.8.7
FacebookHhvm Version >= 4.9.0 <= 4.32.0
FacebookHhvm Version >= 4.33.0 <= 4.38.0
FacebookHhvm Version4.39.0
FacebookHhvm Version4.40.0
FacebookHhvm Version4.41.0
FacebookHhvm Version4.42.0
FacebookHhvm Version4.43.0
FacebookHhvm Version4.44.0
FacebookHhvm Version4.45.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.1% 0.612
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://hhvm.com/blog/2020/02/20/security-update.html
Vendor Advisory
https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d
Patch