Hhvm Security Vulnerabilities and Issues — Hhvm CVE List

Lucene search

FacebookHhvm

9 matches found

CVE•added 2021/03/11 1:15 a.m.•206 views

CVE-2020-1899

The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56....

7.5CVSS7.5AI score0.00318EPSS

CVE•added 2021/03/11 1:15 a.m.•69 views

CVE-2020-1898

The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1...

7.5CVSS7.5AI score0.00646EPSS

CVE•added 2021/03/11 1:15 a.m.•67 views

CVE-2020-1900

When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3,...

9.8CVSS9.3AI score0.00656EPSS

CVE•added 2021/03/10 4:15 p.m.•43 views

CVE-2021-24025

Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and...

9.8CVSS9.5AI score0.0045EPSS

CVE•added 2021/03/10 4:15 p.m.•41 views

CVE-2020-1917

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4...

9.8CVSS9.4AI score0.00607EPSS

CVE•added 2021/03/10 4:15 p.m.•41 views

CVE-2020-1918

In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, a...

7.5CVSS7.5AI score0.00291EPSS

CVE•added 2021/03/10 4:15 p.m.•36 views

CVE-2020-1921

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94....

7.5CVSS7.5AI score0.00459EPSS

CVE•added 2021/03/10 4:15 p.m.•33 views

CVE-2020-1916

An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.

9.8CVSS9.5AI score0.00656EPSS

CVE•added 2021/03/10 4:15 p.m.•33 views

CVE-2020-1919

Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94...

7.5CVSS7.3AI score0.00318EPSS