CVE-2020-1888

🗓️ 03 Mar 2020 15:00:25Reported by facebookType

Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7

Reporter	Title	Published	Views	Family All 9
Cvelist	CVE-2020-1888	3 Mar 202015:00	–	cvelist
EUVD	EUVD-2020-12714	7 Oct 202500:30	–	euvd
NVD	CVE-2020-1888	3 Mar 202015:15	–	nvd
OpenVAS	HHVM Multiple Vulnerabilities (Mar 2020)	6 Mar 202000:00	–	openvas
OSV	UBUNTU-CVE-2020-1888	3 Mar 202015:15	–	osv
Prion	Design/Logic Flaw	3 Mar 202015:15	–	prion
RedhatCVE	CVE-2020-1888	22 May 202517:41	–	redhatcve
UbuntuCve	CVE-2020-1888	3 Mar 202015:15	–	ubuntucve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2020-1888	10 Sep 202500:00	–	nessus

NVD

Node

facebook hhvmRange<4.8.7

facebook hhvmRange4.9.0–4.32.0

facebook hhvmRange4.33.0–4.38.0

facebook hhvmMatch4.39.0

facebook hhvmMatch4.40.0

facebook hhvmMatch4.41.0

facebook hhvmMatch4.42.0

facebook hhvmMatch4.43.0

facebook hhvmMatch4.44.0

facebook hhvmMatch4.45.0

[
  {
    "product": "HHVM",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "4.45.1"
      },
      {
        "status": "affected",
        "version": "4.45.0"
      },
      {
        "status": "affected",
        "version": "4.44.1"
      },
      {
        "status": "affected",
        "version": "4.44.0"
      },
      {
        "status": "affected",
        "version": "4.43.1"
      },
      {
        "status": "affected",
        "version": "4.43.0"
      },
      {
        "status": "affected",
        "version": "4.42.1"
      },
      {
        "status": "affected",
        "version": "4.42.0"
      },
      {
        "status": "affected",
        "version": "4.41.1"
      },
      {
        "status": "affected",
        "version": "4.41.0"
      },
      {
        "status": "affected",
        "version": "4.40.1"
      },
      {
        "status": "affected",
        "version": "4.40.0"
      },
      {
        "status": "affected",
        "version": "4.39.1"
      },
      {
        "status": "affected",
        "version": "4.39.0"
      },
      {
        "status": "affected",
        "version": "4.38.1"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "4.33.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.32.1"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "4.9.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.8.7"
      },
      {
        "lessThanOrEqual": "4.8.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13
hhvm	www.hhvm.com/blog/2020/02/20/security-update.html

21 Nov 2024 05:11Current

7.6High risk

Vulners AI Score7.6

CVSS 25

CVSS 3.17.5

EPSS0.00609

CWE-125