CVE-2020-1892
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
03/03/2020
Last modified:
05/03/2020
Description
Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:* | 4.8.7 (excluding) | |
| cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:* | 4.9.0 (including) | 4.32.0 (including) |
| cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:* | 4.33.0 (including) | 4.38.0 (including) |
| cpe:2.3:a:facebook:hhvm:4.39.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:facebook:hhvm:4.40.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:facebook:hhvm:4.41.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:facebook:hhvm:4.42.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:facebook:hhvm:4.43.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:facebook:hhvm:4.44.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:facebook:hhvm:4.45.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page