7.5

CVE-2020-1893

Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FacebookHhvm Version < 4.8.7
FacebookHhvm Version >= 4.9.0 <= 4.32.0
FacebookHhvm Version >= 4.33.0 <= 4.38.0
FacebookHhvm Version4.39.0
FacebookHhvm Version4.40.0
FacebookHhvm Version4.41.0
FacebookHhvm Version4.42.0
FacebookHhvm Version4.43.0
FacebookHhvm Version4.44.0
FacebookHhvm Version4.45.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.15% 0.626
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://hhvm.com/blog/2020/02/20/security-update.html
Vendor Advisory
https://github.com/facebook/hhvm/commit/bd586671a3c22eb2f07e55f11b3ce64e1f7961e7
Patch