7.5

CVE-2020-1893

EPSS 0.61%
Published 03.03.2020 15:15:12
Last modified 21.11.2024 05:11:33
Source cve-assign@fb.com
Teams watchlist Login
Open Login

Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Facebook ≫ Hhvm Version < 4.8.7

Facebook ≫ Hhvm Version >= 4.9.0 <= 4.32.0

Facebook ≫ Hhvm Version >= 4.33.0 <= 4.38.0

Facebook ≫ Hhvm Version4.39.0

Facebook ≫ Hhvm Version4.40.0

Facebook ≫ Hhvm Version4.41.0

Facebook ≫ Hhvm Version4.42.0

Facebook ≫ Hhvm Version4.43.0

Facebook ≫ Hhvm Version4.44.0

Facebook ≫ Hhvm Version4.45.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.61%	0.689

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://hhvm.com/blog/2020/02/20/security-update.html

Vendor Advisory

https://github.com/facebook/hhvm/commit/bd586671a3c22eb2f07e55f11b3ce64e1f7961e7

Patch

https://nvd.nist.gov/vuln/detail/CVE-2020-1893

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1893

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1893

EUVD