CVE-2020-1898

🗓️ 11 Mar 2021 00:55:18Reported by facebookType

The fb_unserialize function in HHVM prior to v4.32.3, v4.33.0 to v4.62.0 is susceptible to stack exhaustion due to unbounded nested deserialization

Reporter	Title	Published	Views	Family All 9
CNNVD	Facebook HHVM 安全漏洞	10 Mar 202100:00	–	cnnvd
CVE	CVE-2020-1898	11 Mar 202100:55	–	cve
EUVD	EUVD-2020-12724	7 Oct 202500:30	–	euvd
NVD	CVE-2020-1898	11 Mar 202101:15	–	nvd
OSV	UBUNTU-CVE-2020-1898	11 Mar 202101:15	–	osv
Prion	Deserialization of untrusted data	11 Mar 202101:15	–	prion
RedhatCVE	CVE-2020-1898	22 May 202517:40	–	redhatcve
UbuntuCve	CVE-2020-1898	11 Mar 202101:15	–	ubuntucve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2020-1898	10 Sep 202500:00	–	nessus

[
  {
    "product": "HHVM",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.62.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.62.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.61.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.61.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.60.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.60.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.59.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.59.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.58.2",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "4.58.0",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.57.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.57.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.56.1",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "4.33.0",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.32.3",
        "versionType": "custom"
      },
      {
        "lessThan": "4.32.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
hhvm	www.hhvm.com/blog/2020/06/30/security-update.html
github	www.github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c

11 Mar 2021 00:55Current

7.5High risk

Vulners AI Score7.5

EPSS0.00835

CWE-674