Mar 11, 2021 - 12:55 a.m.

CVE-2020-1900

2021-03-11 00:55:20
CWE-416
facebook
www.cve.org
6
hhvm
unserialization
array resize
security vulnerability

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

64.7%

When unserializing an object with dynamic properties, HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise, the array might resize, invalidating previously stored references. This pre-reservation did not occur in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, and in versions 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, and 4.62.0.

CNA Affected

[
  {
    "product": "HHVM",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.62.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.62.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.61.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.61.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.60.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.60.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.59.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.59.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.58.2",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "4.58.0",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.57.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.57.0"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.56.1",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "4.33.0",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.32.3",
        "versionType": "custom"
      },
      {
        "lessThan": "4.32.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
