
    85 vulnerabilities found for HHVM by Facebook

    VAR-201812-0587

    Vulnerability from variot - Updated: 2025-05-07 23:03

    A malformed HTTP/2 (h2) frame can cause a 'std::out_of_range' exception when parsing priority metadata. This behavior can lead to denial of service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP/2 requests. HHVM contains an input validation vulnerability; service operation may be interrupted (DoS). Facebook HHVM (also known as HipHop Virtual Machine) is a virtual machine that can significantly improve the performance of PHP when loading dynamic pages.

    There is a security vulnerability in Facebook HHVM 3.25.2 and earlier, 3.24.6 and earlier, and 3.21.10 and earlier. An attacker could use this vulnerability to cause a denial of service. The patch entries in this record point to HHVM 3.25.3, 3.24.7, and 3.21.11 as the fixed releases.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0587",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "facebook",
            "version": "3.25.2"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "facebook",
            "version": "3.24.6"
          },
          {
            "model": "hhvm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "3.21.10"
          },
          {
            "model": "hiphop virtual machine",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "facebook",
            "version": "3.21.10"
          },
          {
            "model": "hiphop virtual machine",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "facebook",
            "version": "3.24.6"
          },
          {
            "model": "hiphop virtual machine",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "facebook",
            "version": "3.25.2"
          },
          {
            "model": "hhvm",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "facebook",
            "version": "\u003c=3.21.10"
          },
          {
            "model": "hhvm",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "facebook",
            "version": "\u003c=3.24.6"
          },
          {
            "model": "hhvm",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "facebook",
            "version": "\u003c=3.25.2"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "facebook",
            "version": "3.21.10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013389"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1312"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6335"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:facebook:hiphop_virtual_machine",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013389"
          }
        ]
      },
      "cve": "CVE-2018-6335",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-6335",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-37157",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-6335",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-6335",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-6335",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2018-6335",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-6335",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-37157",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-1312",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013389"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1312"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6335"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6335"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Malformed h2 frame can cause \u0027std::out_of_range\u0027 exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests. HHVM Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Facebook HHVM (also known as HipHop Virtual Machine) is a virtual machine that can significantly improve the performance of PHP loading dynamic pages. \n\nThere are security vulnerabilities in Facebook HHVM 3.25.2 and earlier, 3.24.6 and earlier, and 3.21.10 and earlier. An attacker could use this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-6335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-37157"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-6335",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013389",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-37157",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1312",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013389"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1312"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6335"
          }
        ]
      },
      "id": "VAR-201812-0587",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37157"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37157"
          }
        ]
      },
      "last_update_date": "2025-05-07T23:03:25.552000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HHVM 3.25.3, HHVM 3.24.7, and 3.21.11",
            "trust": 0.8,
            "url": "https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html"
          },
          {
            "title": "[security][CVE-2018-6335] Fix potential crash in HTTP2 padding handling",
            "trust": 0.8,
            "url": "https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56"
          },
          {
            "title": "Patch for Facebook HHVM Denial of Service Vulnerability (CNVD-2019-37157)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186949"
          },
          {
            "title": "Facebook HHVM Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88234"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013389"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1312"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-400",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013389"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6335"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6335"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6335"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013389"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1312"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6335"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013389"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1312"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6335"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-37157"
          },
          {
            "date": "2019-02-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013389"
          },
          {
            "date": "2019-01-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-1312"
          },
          {
            "date": "2018-12-31T19:29:00.417000",
            "db": "NVD",
            "id": "CVE-2018-6335"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-37157"
          },
          {
            "date": "2019-02-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013389"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-1312"
          },
          {
            "date": "2025-05-06T19:15:53.723000",
            "db": "NVD",
            "id": "CVE-2018-6335"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1312"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HHVM Input validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013389"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1312"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201812-0586

    Vulnerability from variot - Updated: 2025-05-07 22:53

    Multipart-file uploads cause variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used, this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below). HHVM contains an input validation vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). Facebook HHVM (also known as HipHop Virtual Machine) is a virtual machine that can significantly improve the performance of PHP when loading dynamic pages.

    There is a security vulnerability in Facebook HHVM 3.25.1 and earlier, 3.24.5 and earlier, and 3.21.9 and earlier. No further details of the vulnerability are provided at this time.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0586",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "hhvm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "3.21.9"
          },
          {
            "model": "hhvm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "3.21.10"
          },
          {
            "model": "hhvm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "3.24.5"
          },
          {
            "model": "hhvm",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "3.24.6"
          },
          {
            "model": "hhvm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "3.25.1"
          },
          {
            "model": "hiphop virtual machine",
            "scope": null,
            "trust": 0.8,
            "vendor": "facebook",
            "version": null
          },
          {
            "model": "hhvm",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "facebook",
            "version": "\u003c=3.21.9"
          },
          {
            "model": "hhvm",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "facebook",
            "version": "\u003c=3.24.5"
          },
          {
            "model": "hhvm",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "facebook",
            "version": "\u003c=3.25.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014115"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6334"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:facebook:hiphop_virtual_machine",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014115"
          }
        ]
      },
      "cve": "CVE-2018-6334",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-6334",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-37158",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-6334",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-6334",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-6334",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2018-6334",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-6334",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-37158",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-1311",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014115"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1311"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6334"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6334"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multipart-file uploads cause variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below). HHVM contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Facebook HHVM (also known as HipHop Virtual Machine) is a virtual machine that can significantly improve the performance of PHP loading dynamic pages. \n\nThere are security vulnerabilities in Facebook HHVM 3.25.1 and earlier, 3.24.5 and earlier, and 3.21.9 and earlier. No detailed vulnerability details are provided at this time",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-6334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014115"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-37158"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-6334",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014115",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-37158",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1311",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014115"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1311"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6334"
          }
        ]
      },
      "id": "VAR-201812-0586",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37158"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37158"
          }
        ]
      },
      "last_update_date": "2025-05-07T22:53:42.273000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HHVM 3.25.2, HHVM 3.24.6, and 3.21.10 (CVE-2018-6334)",
            "trust": 0.8,
            "url": "https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html"
          },
          {
            "title": "[security][CVE-2018-6334] kill globals for file uploads in hhvm",
            "trust": 0.8,
            "url": "https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff"
          },
          {
            "title": "Patch for Unknown vulnerability in Facebook HHVM",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186951"
          },
          {
            "title": "Facebook HHVM Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88233"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014115"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1311"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-621",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014115"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6334"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6334"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6334"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014115"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1311"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6334"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014115"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1311"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6334"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-37158"
          },
          {
            "date": "2019-03-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014115"
          },
          {
            "date": "2019-01-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-1311"
          },
          {
            "date": "2018-12-31T19:29:00.323000",
            "db": "NVD",
            "id": "CVE-2018-6334"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-37158"
          },
          {
            "date": "2019-03-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014115"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-1311"
          },
          {
            "date": "2025-05-06T17:15:50.730000",
            "db": "NVD",
            "id": "CVE-2018-6334"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1311"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HHVM Input validation vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014115"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1311"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0005

    Vulnerability from variot - Updated: 2024-11-23 21:37

    HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. HHVM contains an information disclosure vulnerability. Information may be obtained. Facebook HHVM (also known as HipHop Virtual Machine) is a virtual machine that can significantly improve the performance of PHP loading dynamic pages.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0005",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "facebook",
            "version": "4.3.0"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "facebook",
            "version": "4.4.0"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "facebook",
            "version": "4.5.0"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "facebook",
            "version": "4.6.0"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "facebook",
            "version": "4.7.0"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "facebook",
            "version": "4.8.0"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "4.0.0"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "4.0.1"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "4.0.2"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "4.0.3"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "4.1.0"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "4.2.0"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "4.0.4"
          },
          {
            "model": "hhvm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "facebook",
            "version": "3.30.5"
          },
          {
            "model": "hiphop virtual machine",
            "scope": null,
            "trust": 0.8,
            "vendor": "facebook",
            "version": null
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "facebook",
            "version": "4.0"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "facebook",
            "version": "4.1"
          },
          {
            "model": "hhvm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "facebook",
            "version": "4.2"
          },
          {
            "model": "hhvm",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "facebook",
            "version": "\u003c=3.30.5"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005967"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3569"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:facebook:hiphop_virtual_machine",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005967"
          }
        ]
      },
      "cve": "CVE-2019-3569",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-3569",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-37156",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-3569",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-3569",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-3569",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-3569",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-37156",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-1018",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005967"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-1018"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3569"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. HHVM contains an information disclosure vulnerability. Information may be obtained. Facebook HHVM (also known as HipHop Virtual Machine) is a virtual machine that can significantly improve the performance of PHP loading dynamic pages.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-3569"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005967"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-37156"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-3569",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005967",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-37156",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-1018",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005967"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-1018"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3569"
          }
        ]
      },
      "id": "VAR-201906-0005",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37156"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37156"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:37:16.060000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HHVM 4.9.0, and security updates for 3.30, and 4.3-4.7",
            "trust": 0.8,
            "url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
          },
          {
            "title": "Fix default FastCGI interface",
            "trust": 0.8,
            "url": "https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed"
          },
          {
            "title": "Patch for Facebook HHVM Information Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/186771"
          },
          {
            "title": "Facebook HHVM Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94145"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005967"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-1018"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-552",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-668",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005967"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3569"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3569"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3569"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005967"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-1018"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3569"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005967"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-1018"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3569"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-37156"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005967"
          },
          {
            "date": "2019-06-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-1018"
          },
          {
            "date": "2019-06-26T15:15:09.887000",
            "db": "NVD",
            "id": "CVE-2019-3569"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-37156"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005967"
          },
          {
            "date": "2021-09-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-1018"
          },
          {
            "date": "2024-11-21T04:42:11.060000",
            "db": "NVD",
            "id": "CVE-2019-3569"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-1018"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Facebook HHVM Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-37156"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-1018"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-1018"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2022-36937 (GCVE-0-2022-36937)

    Vulnerability from nvd – Published: 2023-05-10 18:28 – Updated: 2025-01-27 18:25
    Summary
    HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS 1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, and 4.173.0 replace TLS 1.0 with TLS 1.3. Applications that call the stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1104 - Use of Unmaintained Third Party Components
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Affected: 4.172.0 , < 4.172.1 (semver)
    Affected: 4.171.0 , < 4.171.1 (semver)
    Affected: 4.170.0 , < 4.170.2 (semver)
    Affected: 4.169.0 , < 4.169.2 (semver)
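    Affected: 4.154.0 , < 1.168.2 (semver) [sic: the upper bound is lower than the lower bound, so as written this range matches no release. The summary above names 4.168.2 as a fixed release, so the bound is presumably a typo for 4.168.2 in the source record; version-range matching against this entry may report 4.154.0 through 4.168.1 as unaffected.]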
    Affected: 0 , < 4.153.4 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.009Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2023/01/20/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/083f5ffdee661f61512909d16f9a5b98cff3cf0b"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36937",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T18:25:01.414896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-327",
                    "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T18:25:06.548Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "4.172.1",
                  "status": "affected",
                  "version": "4.172.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.171.1",
                  "status": "affected",
                  "version": "4.171.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.170.2",
                  "status": "affected",
                  "version": "4.170.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.169.2",
                  "status": "affected",
                  "version": "4.169.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.168.2",
                  "status": "affected",
                  "version": "4.154.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.153.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "dateAssigned": "2022-11-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3.\n\nApplications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-1104: Use of Unmaintained Third Party Components",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T18:36:49.406Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2023/01/20/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/083f5ffdee661f61512909d16f9a5b98cff3cf0b"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36937",
        "datePublished": "2023-05-10T18:28:20.367Z",
        "dateReserved": "2022-07-27T17:00:55.528Z",
        "dateUpdated": "2025-01-27T18:25:06.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3556 (GCVE-0-2019-3556)

    Vulnerability from nvd – Published: 2021-10-26 20:05 – Updated: 2024-08-04 19:12
    Summary
    HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory (CWE-22)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.83.1 , < unspecified (custom)
    Affected: 4.83.0 , < unspecified (custom)
    Unaffected: 4.82.1 , < unspecified (custom)
    Affected: 4.82.0 , < unspecified (custom)
    Unaffected: 4.81.1 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.1 , < unspecified (custom)
    Affected: 4.80.0 , < unspecified (custom)
    Unaffected: 4.79.1 , < unspecified (custom)
    Affected: 4.79.0 , < unspecified (custom)
    Unaffected: 4.78.1 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.2 , < unspecified (custom)
    Affected: unspecified , < 4.56.2 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/11/12/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3556"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.83.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.83.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.82.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.82.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.81.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.80.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.79.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.79.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.78.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HHVM supports the use of an \"admin\" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-26T20:05:10.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/11/12/security-update.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3556"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-01-09",
              "ID": "CVE-2019-3556",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.83.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.83.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.82.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.82.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.81.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.80.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.79.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.79.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.78.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HHVM supports the use of an \"admin\" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2020/11/12/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/11/12/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3556",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3556"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3556",
        "datePublished": "2021-10-26T20:05:10.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24036 (GCVE-0-2021-24036)

    Vulnerability from nvd – Published: 2021-07-23 00:30 – Updated: 2024-08-03 19:21
    Summary
    Passing an attacker-controlled size when creating an IOBuf could cause an integer overflow, leading to an out-of-bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook folly Unaffected: v2021.07.22.00 , < unspecified (custom)
    Affected: unspecified , < v2021.07.22.00 (custom)
    Facebook HHVM Unaffected: 4.118.2 , < unspecified (custom)
    Affected: 4.118.0 , < unspecified (custom)
    Unaffected: 4.117.1 , < unspecified (custom)
    Affected: 4.117.0
    Unaffected: 4.116.1 , < unspecified (custom)
    Affected: 4.116.0
    Unaffected: 4.115.1 , < unspecified (custom)
    Affected: 4.115.0
    Unaffected: 4.114.1 , < unspecified (custom)
    Affected: 4.114.0
    Unaffected: 4.113.1 , < unspecified (custom)
    Affected: 4.113.0
    Unaffected: 4.102.2 , < unspecified (custom)
    Affected: 4.102.0 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.5 , < unspecified (custom)
    Affected: unspecified , < 4.80.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2021/07/20/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2021-24036"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "folly",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2021.07.22.00",
                  "versionType": "custom"
                },
                {
                  "lessThan": "v2021.07.22.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.118.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.118.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.117.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.117.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.116.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.116.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.115.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.115.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.114.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.114.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.113.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.113.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.102.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.102.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.80.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-05-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-23T00:30:16.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2021/07/20/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2021-24036"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-05-04",
              "ID": "CVE-2021-24036",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "folly",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2021.07.22.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2021.07.22.00"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.118.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.118.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.117.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.117.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.116.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.116.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.115.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.115.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.114.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.114.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.113.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.113.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.102.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.102.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.5"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.80.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2021/07/20/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2021/07/20/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2021-24036",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2021-24036"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24036",
        "datePublished": "2021-07-23T00:30:16.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1900 (GCVE-0-2020-1900)

    Vulnerability from nvd – Published: 2021-03-11 00:55 – Updated: 2024-08-04 06:54
    VLAI
    Summary
    When unserializing an object with dynamic properties, HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references, which would then refer to freed memory (the use-after-free condition listed under CWE below). This pre-reservation was not occurring in HHVM versions prior to 4.32.3, versions 4.33.0 through 4.56.0, and versions 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0 and 4.62.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-416 - Use After Free (CWE-416)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.62.1 , < unspecified (custom)
    Affected: 4.62.0
    Unaffected: 4.61.1 , < unspecified (custom)
    Affected: 4.61.0
    Unaffected: 4.60.1 , < unspecified (custom)
    Affected: 4.60.0
    Unaffected: 4.59.1 , < unspecified (custom)
    Affected: 4.59.0
    Unaffected: 4.58.2 , < unspecified (custom)
    Affected: 4.58.0 , < unspecified (custom)
    Unaffected: 4.57.1 , < unspecified (custom)
    Affected: 4.57.0
    Unaffected: 4.56.1 , < unspecified (custom)
    Affected: 4.33.0 , < unspecified (custom)
    Unaffected: 4.32.3 , < unspecified (custom)
    Affected: unspecified , < 4.32.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.541Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.62.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.62.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.61.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.61.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.60.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.60.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.59.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.59.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.58.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.58.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.57.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.57.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.33.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.32.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.32.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-06-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free (CWE-416)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-11T00:55:20.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-06-18",
              "ID": "CVE-2020-1900",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.62.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.62.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.61.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.61.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.60.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.60.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.59.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.59.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.58.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.58.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.57.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.33.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.32.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.32.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use After Free (CWE-416)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2020/06/30/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1900",
        "datePublished": "2021-03-11T00:55:20.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:54:00.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1899 (GCVE-0-2020-1899)

    Vulnerability from nvd – Published: 2021-03-11 00:55 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM versions prior to 4.32.3, versions 4.33.0 through 4.56.0, and versions 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0 and 4.62.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-822 - Untrusted Pointer Dereference (CWE-822)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.62.1 , < unspecified (custom)
    Affected: 4.62.0
    Unaffected: 4.61.1 , < unspecified (custom)
    Affected: 4.61.0
    Unaffected: 4.60.1 , < unspecified (custom)
    Affected: 4.60.0
    Unaffected: 4.59.1 , < unspecified (custom)
    Affected: 4.59.0
    Unaffected: 4.58.2 , < unspecified (custom)
    Affected: 4.58.0 , < unspecified (custom)
    Unaffected: 4.57.1 , < unspecified (custom)
    Affected: 4.57.0
    Unaffected: 4.56.1 , < unspecified (custom)
    Affected: 4.33.0 , < unspecified (custom)
    Unaffected: 4.32.3 , < unspecified (custom)
    Affected: unspecified , < 4.32.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.62.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.62.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.61.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.61.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.60.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.60.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.59.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.59.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.58.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.58.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.57.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.57.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.33.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.32.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.32.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The unserialize() function supported a type code, \"S\", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "Untrusted Pointer Dereference (CWE-822)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-11T00:55:19.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-06-10",
              "ID": "CVE-2020-1899",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.62.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.62.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.61.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.61.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.60.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.60.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.59.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.59.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.58.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.58.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.57.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.33.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.32.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.32.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The unserialize() function supported a type code, \"S\", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted Pointer Dereference (CWE-822)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2020/06/30/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1899",
        "datePublished": "2021-03-11T00:55:19.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1898 (GCVE-0-2020-1898)

    Vulnerability from nvd – Published: 2021-03-11 00:55 – Updated: 2024-08-04 06:53
    Summary
    The fb_unserialize function did not impose a depth limit for nested deserialization, so a maliciously constructed string could cause deserialization to recurse without bound, leading to stack exhaustion. This issue affected HHVM versions prior to v4.32.3, versions 4.33.0 through 4.56.0, and versions 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0 and 4.62.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-674 - Uncontrolled Recursion (CWE-674)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.62.1 , < unspecified (custom)
    Affected: 4.62.0
    Unaffected: 4.61.1 , < unspecified (custom)
    Affected: 4.61.0
    Unaffected: 4.60.1 , < unspecified (custom)
    Affected: 4.60.0
    Unaffected: 4.59.1 , < unspecified (custom)
    Affected: 4.59.0
    Unaffected: 4.58.2 , < unspecified (custom)
    Affected: 4.58.0 , < unspecified (custom)
    Unaffected: 4.57.1 , < unspecified (custom)
    Affected: 4.57.0
    Unaffected: 4.56.1 , < unspecified (custom)
    Affected: 4.33.0 , < unspecified (custom)
    Unaffected: 4.32.3 , < unspecified (custom)
    Affected: unspecified , < 4.32.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.62.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.62.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.61.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.61.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.60.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.60.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.59.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.59.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.58.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.58.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.57.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.57.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.33.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.32.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.32.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "Uncontrolled Recursion (CWE-674)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-11T00:55:18.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-06-09",
              "ID": "CVE-2020-1898",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.62.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.62.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.61.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.61.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.60.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.60.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.59.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.59.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.58.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.58.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.57.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.33.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.32.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.32.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Recursion (CWE-674)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2020/06/30/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1898",
        "datePublished": "2021-03-11T00:55:18.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24025 (GCVE-0-2021-24025)

    Vulnerability from nvd – Published: 2021-03-10 15:50 – Updated: 2024-08-03 19:14
    Summary
    Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.98.1 , < unspecified (custom)
    Affected: 4.98.0
    Unaffected: 4.97.1 , < unspecified (custom)
    Affected: 4.97.0
    Unaffected: 4.96.1 , < unspecified (custom)
    Affected: 4.96.0
    Unaffected: 4.95.1 , < unspecified (custom)
    Affected: 4.95.0
    Unaffected: 4.94.1 , < unspecified (custom)
    Affected: 4.94.0
    Unaffected: 4.93.2 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.2 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.3 , < unspecified (custom)
    Affected: unspecified , < 4.56.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:10.116Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.98.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.98.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.97.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.97.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.96.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.96.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.95.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.95.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.94.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.94.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.93.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-01-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T15:50:30.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-01-27",
              "ID": "CVE-2021-24025",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.98.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.98.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.97.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.97.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.96.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.96.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.95.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.95.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.94.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.94.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.93.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2021/02/25/security-update.html",
                  "refsource": "MISC",
                  "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24025",
        "datePublished": "2021-03-10T15:50:30.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:14:10.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1921 (GCVE-0-2020-1921)

    Vulnerability from nvd – Published: 2021-03-10 15:50 – Updated: 2024-08-04 06:54
    Summary
    In the crypt function, the code attempted to null-terminate a buffer at an offset taken from the size of the input salt without validating that the offset is within the buffer, so the terminating write could land outside the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - Stack-based Buffer Overflow (CWE-121)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.98.1 , < unspecified (custom)
    Affected: 4.98.0
    Unaffected: 4.97.1 , < unspecified (custom)
    Affected: 4.97.0
    Unaffected: 4.96.1 , < unspecified (custom)
    Affected: 4.96.0
    Unaffected: 4.95.1 , < unspecified (custom)
    Affected: 4.95.0
    Unaffected: 4.94.1 , < unspecified (custom)
    Affected: 4.94.0
    Unaffected: 4.93.2 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.2 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.3 , < unspecified (custom)
    Affected: unspecified , < 4.56.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.98.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.98.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.97.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.97.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.96.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.96.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.95.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.95.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.94.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.94.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.93.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow (CWE-121)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T15:50:30.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-12-14",
              "ID": "CVE-2020-1921",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.98.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.98.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.97.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.97.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.96.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.96.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.95.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.95.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.94.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.94.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.93.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stack-based Buffer Overflow (CWE-121)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2021/02/25/security-update.html",
                  "refsource": "MISC",
                  "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1921",
        "datePublished": "2021-03-10T15:50:30.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:54:00.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1919 (GCVE-0-2020-1919)

    Vulnerability from nvd – Published: 2021-03-10 15:50 – Updated: 2024-08-04 06:53
    Summary
    Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - Out-of-bounds Read (CWE-125)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.98.1 , < unspecified (custom)
    Affected: 4.98.0
    Unaffected: 4.97.1 , < unspecified (custom)
    Affected: 4.97.0
    Unaffected: 4.96.1 , < unspecified (custom)
    Affected: 4.96.0
    Unaffected: 4.95.1 , < unspecified (custom)
    Affected: 4.95.0
    Unaffected: 4.94.1 , < unspecified (custom)
    Affected: 4.94.0
    Unaffected: 4.93.2 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.2 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.3 , < unspecified (custom)
    Affected: unspecified , < 4.56.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.858Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.98.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.98.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.97.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.97.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.96.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.96.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.95.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.95.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.94.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.94.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.93.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read (CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T15:50:29.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-12-11",
              "ID": "CVE-2020-1919",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.98.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.98.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.97.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.97.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.96.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.96.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.95.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.95.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.94.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.94.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.93.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Read (CWE-125)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2021/02/25/security-update.html",
                  "refsource": "MISC",
                  "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1919",
        "datePublished": "2021-03-10T15:50:29.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.858Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1918 (GCVE-0-2020-1918)

    Vulnerability from nvd – Published: 2021-03-10 15:50 – Updated: 2024-08-04 06:53
    Summary
    In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-127 - Buffer Under-read (CWE-127)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.98.1 , < unspecified (custom)
    Affected: 4.98.0
    Unaffected: 4.97.1 , < unspecified (custom)
    Affected: 4.97.0
    Unaffected: 4.96.1 , < unspecified (custom)
    Affected: 4.96.0
    Unaffected: 4.95.1 , < unspecified (custom)
    Affected: 4.95.0
    Unaffected: 4.94.1 , < unspecified (custom)
    Affected: 4.94.0
    Unaffected: 4.93.2 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.2 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.3 , < unspecified (custom)
    Affected: unspecified , < 4.56.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.798Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.98.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.98.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.97.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.97.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.96.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.96.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.95.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.95.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.94.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.94.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.93.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-127",
                  "description": "Buffer Under-read (CWE-127)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T15:50:28.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-11-15",
              "ID": "CVE-2020-1918",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.98.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.98.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.97.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.97.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.96.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.96.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.95.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.95.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.94.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.94.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.93.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Under-read (CWE-127)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2021/02/25/security-update.html",
                  "refsource": "MISC",
                  "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1918",
        "datePublished": "2021-03-10T15:50:28.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1917 (GCVE-0-2020-1917)

    Vulnerability from nvd – Published: 2021-03-10 15:50 – Updated: 2024-08-04 06:53
    Summary
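    xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
    Note: the version entries listed under "Impacted products" use open-ended "< unspecified" bounds, so the affected and unaffected ranges overlap when read literally (for example "Affected: 4.81.0 , < unspecified"). When checking a deployed version, match against the bounded ranges in this description rather than the list entries alone.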
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.98.1 , < unspecified (custom)
    Affected: 4.98.0
    Unaffected: 4.97.1 , < unspecified (custom)
    Affected: 4.97.0
    Unaffected: 4.96.1 , < unspecified (custom)
    Affected: 4.96.0
    Unaffected: 4.95.1 , < unspecified (custom)
    Affected: 4.95.0
    Unaffected: 4.94.1 , < unspecified (custom)
    Affected: 4.94.0
    Unaffected: 4.93.2 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.2 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.3 , < unspecified (custom)
    Affected: unspecified , < 4.56.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.98.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.98.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.97.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.97.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.96.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.96.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.95.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.95.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.94.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.94.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.93.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T15:50:28.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-11-11",
              "ID": "CVE-2020-1917",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.98.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.98.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.97.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.97.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.96.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.96.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.95.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.95.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.94.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.94.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.93.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2021/02/25/security-update.html",
                  "refsource": "MISC",
                  "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1917",
        "datePublished": "2021-03-10T15:50:28.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.921Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1916 (GCVE-0-2020-1916)

    Vulnerability from nvd – Published: 2021-03-10 15:50 – Updated: 2024-08-04 06:54
    Summary
    An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.83.1 , < unspecified (custom)
    Affected: 4.83.0
    Unaffected: 4.82.1 , < unspecified (custom)
    Affected: 4.82.0
    Unaffected: 4.81.1 , < unspecified (custom)
    Affected: 4.81.0
    Unaffected: 4.80.1 , < unspecified (custom)
    Affected: 4.80.0
    Unaffected: 4.79.1 , < unspecified (custom)
    Affected: 4.79.0
    Unaffected: 4.78.1 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.2 , < unspecified (custom)
    Affected: unspecified , < 4.56.2 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/11/12/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.83.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.83.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.82.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.82.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.81.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.81.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.80.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.79.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.79.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.78.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T15:50:27.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/11/12/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-30",
              "ID": "CVE-2020-1916",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.83.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.83.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.82.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.82.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.81.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.80.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.79.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.79.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.78.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2020/11/12/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/11/12/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1916",
        "datePublished": "2021-03-10T15:50:27.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:54:00.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1893 (GCVE-0-2020-1893)

    Vulnerability from nvd – Published: 2020-03-03 15:00 – Updated: 2024-08-04 06:53
    Summary
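    Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
    Note: the "Impacted products" list for this record marks the point releases 4.45.1, 4.44.1, 4.43.1, 4.42.1, 4.41.1, 4.40.1, 4.39.1, 4.38.1, 4.32.1 and 4.8.7 as affected, which contradicts this description. The legacy record encodes the entries visible here (4.45.1 through 4.42.1) with the operator "!=>", whereas the other HHVM records on this page use "!>=" for entries that are listed as unaffected, so these entries appear to be a conversion artifact rather than affected releases. Confirm against the vendor advisory in the references before relying on the list.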
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - Out-of-bounds Read (CWE-125)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Affected: 4.45.1
    Affected: 4.45.0
    Affected: 4.44.1
    Affected: 4.44.0
    Affected: 4.43.1
    Affected: 4.43.0
    Affected: 4.42.1
    Affected: 4.42.0
    Affected: 4.41.1
    Affected: 4.41.0
    Affected: 4.40.1
    Affected: 4.40.0
    Affected: 4.39.1
    Affected: 4.39.0
    Affected: 4.38.1
    Affected: 4.33.0 , < unspecified (custom)
    Affected: 4.32.1
    Affected: 4.9.0 , < unspecified (custom)
    Affected: 4.8.7
    Affected: unspecified , ≤ 4.8.6 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.787Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/02/20/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/bd586671a3c22eb2f07e55f11b3ce64e1f7961e7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.45.1"
                },
                {
                  "status": "affected",
                  "version": "4.45.0"
                },
                {
                  "status": "affected",
                  "version": "4.44.1"
                },
                {
                  "status": "affected",
                  "version": "4.44.0"
                },
                {
                  "status": "affected",
                  "version": "4.43.1"
                },
                {
                  "status": "affected",
                  "version": "4.43.0"
                },
                {
                  "status": "affected",
                  "version": "4.42.1"
                },
                {
                  "status": "affected",
                  "version": "4.42.0"
                },
                {
                  "status": "affected",
                  "version": "4.41.1"
                },
                {
                  "status": "affected",
                  "version": "4.41.0"
                },
                {
                  "status": "affected",
                  "version": "4.40.1"
                },
                {
                  "status": "affected",
                  "version": "4.40.0"
                },
                {
                  "status": "affected",
                  "version": "4.39.1"
                },
                {
                  "status": "affected",
                  "version": "4.39.0"
                },
                {
                  "status": "affected",
                  "version": "4.38.1"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.33.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.32.1"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.8.7"
                },
                {
                  "lessThanOrEqual": "4.8.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read (CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-03T15:00:26.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/02/20/security-update.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/facebook/hhvm/commit/bd586671a3c22eb2f07e55f11b3ce64e1f7961e7"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-02-20",
              "ID": "CVE-2020-1893",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.45.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.45.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.44.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.44.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.43.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.43.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.42.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.42.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.41.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.41.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.40.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.40.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.39.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.39.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.38.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.33.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.32.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.9.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.8.7"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.8.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Read (CWE-125)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2020/02/20/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/02/20/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/bd586671a3c22eb2f07e55f11b3ce64e1f7961e7",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/facebook/hhvm/commit/bd586671a3c22eb2f07e55f11b3ce64e1f7961e7"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1893",
        "datePublished": "2020-03-03T15:00:26.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.787Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1892 (GCVE-0-2020-1892)

    Vulnerability from nvd – Published: 2020-03-03 15:00 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    Insufficient boundary checks when decoding JSON in JSON_parser allow read access to out-of-bounds memory, potentially leading to an information leak and denial of service (DoS). This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - Out-of-bounds Read (CWE-125)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Affected: 4.45.1
    Affected: 4.45.0
    Affected: 4.44.1
    Affected: 4.44.0
    Affected: 4.43.1
    Affected: 4.43.0
    Affected: 4.42.1
    Affected: 4.42.0
    Affected: 4.41.1
    Affected: 4.41.0
    Affected: 4.40.1
    Affected: 4.40.0
    Affected: 4.39.1
    Affected: 4.39.0
    Affected: 4.38.1
    Affected: 4.33.0 , < unspecified (custom)
    Affected: 4.32.1
    Affected: 4.9.0 , < unspecified (custom)
    Affected: 4.8.7
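    Affected: unspecified , ≤ 4.8.6 (custom)
    Note: this list conflicts with the summary above, which names as affected only the x.0 releases from 4.39.0 to 4.45.0, the ranges 4.33.0–4.38.0 and 4.9.0–4.32.0, and versions prior to 4.8.7. The legacy v4 record below carries 4.45.1, 4.44.1, 4.43.1, 4.42.1, 4.41.1, 4.40.1, 4.39.1, 4.38.1, 4.32.1 and 4.8.7 with the operator "!=>", so these appear to be the fixed releases, flattened to "affected" in the 5.1 record. Confirm against the vendor advisory before using this list for version matching.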

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.519Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/02/20/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.45.1"
                },
                {
                  "status": "affected",
                  "version": "4.45.0"
                },
                {
                  "status": "affected",
                  "version": "4.44.1"
                },
                {
                  "status": "affected",
                  "version": "4.44.0"
                },
                {
                  "status": "affected",
                  "version": "4.43.1"
                },
                {
                  "status": "affected",
                  "version": "4.43.0"
                },
                {
                  "status": "affected",
                  "version": "4.42.1"
                },
                {
                  "status": "affected",
                  "version": "4.42.0"
                },
                {
                  "status": "affected",
                  "version": "4.41.1"
                },
                {
                  "status": "affected",
                  "version": "4.41.0"
                },
                {
                  "status": "affected",
                  "version": "4.40.1"
                },
                {
                  "status": "affected",
                  "version": "4.40.0"
                },
                {
                  "status": "affected",
                  "version": "4.39.1"
                },
                {
                  "status": "affected",
                  "version": "4.39.0"
                },
                {
                  "status": "affected",
                  "version": "4.38.1"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.33.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.32.1"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.8.7"
                },
                {
                  "lessThanOrEqual": "4.8.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read (CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-03T15:00:25.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/02/20/security-update.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-02-20",
              "ID": "CVE-2020-1892",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.45.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.45.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.44.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.44.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.43.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.43.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.42.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.42.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.41.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.41.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.40.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.40.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.39.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.39.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.38.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.33.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.32.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.9.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.8.7"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.8.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Read (CWE-125)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2020/02/20/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/02/20/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1892",
        "datePublished": "2020-03-03T15:00:26.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1888 (GCVE-0-2020-1888)

    Vulnerability from nvd – Published: 2020-03-03 15:00 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    Insufficient boundary checks when decoding JSON in handleBackslash result in an out-of-bounds memory read, potentially leading to denial of service (DoS). This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - Out-of-bounds Read (CWE-125)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Affected: 4.45.1
    Affected: 4.45.0
    Affected: 4.44.1
    Affected: 4.44.0
    Affected: 4.43.1
    Affected: 4.43.0
    Affected: 4.42.1
    Affected: 4.42.0
    Affected: 4.41.1
    Affected: 4.41.0
    Affected: 4.40.1
    Affected: 4.40.0
    Affected: 4.39.1
    Affected: 4.39.0
    Affected: 4.38.1
    Affected: 4.33.0 , < unspecified (custom)
    Affected: 4.32.1
    Affected: 4.9.0 , < unspecified (custom)
    Affected: 4.8.7
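    Affected: unspecified , ≤ 4.8.6 (custom)
    Note: this list conflicts with the summary above, which names as affected only the x.0 releases from 4.39.0 to 4.45.0, the ranges 4.33.0–4.38.0 and 4.9.0–4.32.0, and versions prior to 4.8.7. The legacy v4 record below carries 4.45.1, 4.44.1, 4.43.1, 4.42.1, 4.41.1, 4.40.1, 4.39.1, 4.38.1, 4.32.1 and 4.8.7 with the operator "!=>", so these appear to be the fixed releases, flattened to "affected" in the 5.1 record. Confirm against the vendor advisory before using this list for version matching.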

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.615Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/02/20/security-update.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.45.1"
                },
                {
                  "status": "affected",
                  "version": "4.45.0"
                },
                {
                  "status": "affected",
                  "version": "4.44.1"
                },
                {
                  "status": "affected",
                  "version": "4.44.0"
                },
                {
                  "status": "affected",
                  "version": "4.43.1"
                },
                {
                  "status": "affected",
                  "version": "4.43.0"
                },
                {
                  "status": "affected",
                  "version": "4.42.1"
                },
                {
                  "status": "affected",
                  "version": "4.42.0"
                },
                {
                  "status": "affected",
                  "version": "4.41.1"
                },
                {
                  "status": "affected",
                  "version": "4.41.0"
                },
                {
                  "status": "affected",
                  "version": "4.40.1"
                },
                {
                  "status": "affected",
                  "version": "4.40.0"
                },
                {
                  "status": "affected",
                  "version": "4.39.1"
                },
                {
                  "status": "affected",
                  "version": "4.39.0"
                },
                {
                  "status": "affected",
                  "version": "4.38.1"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.33.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.32.1"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.8.7"
                },
                {
                  "lessThanOrEqual": "4.8.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read (CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-03T15:00:25.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/02/20/security-update.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-02-20",
              "ID": "CVE-2020-1888",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.45.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.45.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.44.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.44.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.43.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.43.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.42.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.42.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.41.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.41.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.40.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.40.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.39.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.39.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.38.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.33.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.32.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.9.0"
                              },
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "4.8.7"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.8.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Read (CWE-125)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13"
                },
                {
                  "name": "https://hhvm.com/blog/2020/02/20/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/02/20/security-update.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1888",
        "datePublished": "2020-03-03T15:00:25.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36937 (GCVE-0-2022-36937)

    Vulnerability from cvelistv5 – Published: 2023-05-10 18:28 – Updated: 2025-01-27 18:25
    VLAI
    Summary
    HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS 1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, and 4.173.0 replace TLS 1.0 with TLS 1.3. Applications that call the stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1104 - Use of Unmaintained Third Party Components
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Affected: 4.172.0 , < 4.172.1 (semver)
    Affected: 4.171.0 , < 4.171.1 (semver)
    Affected: 4.170.0 , < 4.170.2 (semver)
    Affected: 4.169.0 , < 4.169.2 (semver)
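    Affected: 4.154.0 , < 1.168.2 (semver) [sic: bound as published in the record; the description names 4.168.2 as a fixed release, so this is probably a typo for 4.168.2, and a semver matcher applied to the range as published would match no versions]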
    Affected: 0 , < 4.153.4 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.009Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2023/01/20/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/083f5ffdee661f61512909d16f9a5b98cff3cf0b"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36937",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-27T18:25:01.414896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-327",
                    "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-27T18:25:06.548Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "4.172.1",
                  "status": "affected",
                  "version": "4.172.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.171.1",
                  "status": "affected",
                  "version": "4.171.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.170.2",
                  "status": "affected",
                  "version": "4.170.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.169.2",
                  "status": "affected",
                  "version": "4.169.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.168.2",
                  "status": "affected",
                  "version": "4.154.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.153.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "dateAssigned": "2022-11-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3.\n\nApplications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-1104: Use of Unmaintained Third Party Components",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T18:36:49.406Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2023/01/20/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/083f5ffdee661f61512909d16f9a5b98cff3cf0b"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36937",
        "datePublished": "2023-05-10T18:28:20.367Z",
        "dateReserved": "2022-07-27T17:00:55.528Z",
        "dateUpdated": "2025-01-27T18:25:06.548Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3556 (GCVE-0-2019-3556)

    Vulnerability from cvelistv5 – Published: 2021-10-26 20:05 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory (CWE-22)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.83.1 , < unspecified (custom)
    Affected: 4.83.0 , < unspecified (custom)
    Unaffected: 4.82.1 , < unspecified (custom)
    Affected: 4.82.0 , < unspecified (custom)
    Unaffected: 4.81.1 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.1 , < unspecified (custom)
    Affected: 4.80.0 , < unspecified (custom)
    Unaffected: 4.79.1 , < unspecified (custom)
    Affected: 4.79.0 , < unspecified (custom)
    Unaffected: 4.78.1 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.2 , < unspecified (custom)
    Affected: unspecified , < 4.56.2 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/11/12/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3556"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.83.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.83.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.82.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.82.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.81.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.80.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.79.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.79.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.78.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "HHVM supports the use of an \"admin\" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-26T20:05:10.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/11/12/security-update.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3556"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-01-09",
              "ID": "CVE-2019-3556",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.83.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.83.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.82.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.82.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.81.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.80.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.79.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.79.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.78.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "HHVM supports the use of an \"admin\" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2020/11/12/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/11/12/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3556",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3556"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3556",
        "datePublished": "2021-10-26T20:05:10.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24036 (GCVE-0-2021-24036)

    Vulnerability from cvelistv5 – Published: 2021-07-23 00:30 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    Passing an attacker-controlled size when creating an IOBuf could cause an integer overflow, leading to an out-of-bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook folly Unaffected: v2021.07.22.00 , < unspecified (custom)
    Affected: unspecified , < v2021.07.22.00 (custom)
    Facebook HHVM Unaffected: 4.118.2 , < unspecified (custom)
    Affected: 4.118.0 , < unspecified (custom)
    Unaffected: 4.117.1 , < unspecified (custom)
    Affected: 4.117.0
    Unaffected: 4.116.1 , < unspecified (custom)
    Affected: 4.116.0
    Unaffected: 4.115.1 , < unspecified (custom)
    Affected: 4.115.0
    Unaffected: 4.114.1 , < unspecified (custom)
    Affected: 4.114.0
    Unaffected: 4.113.1 , < unspecified (custom)
    Affected: 4.113.0
    Unaffected: 4.102.2 , < unspecified (custom)
    Affected: 4.102.0 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.5 , < unspecified (custom)
    Affected: unspecified , < 4.80.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.359Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2021/07/20/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2021-24036"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "folly",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2021.07.22.00",
                  "versionType": "custom"
                },
                {
                  "lessThan": "v2021.07.22.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.118.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.118.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.117.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.117.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.116.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.116.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.115.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.115.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.114.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.114.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.113.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.113.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.102.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.102.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.80.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-05-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-23T00:30:16.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2021/07/20/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2021-24036"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-05-04",
              "ID": "CVE-2021-24036",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "folly",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2021.07.22.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2021.07.22.00"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.118.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.118.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.117.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.117.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.116.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.116.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.115.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.115.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.114.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.114.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.113.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.113.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.102.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.102.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.5"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.80.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2021/07/20/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2021/07/20/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2021-24036",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2021-24036"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24036",
        "datePublished": "2021-07-23T00:30:16.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1900 (GCVE-0-2020-1900)

    Vulnerability from cvelistv5 – Published: 2021-03-11 00:55 – Updated: 2024-08-04 06:54
    Summary
    When unserializing an object with dynamic properties, HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, and in versions 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0 and 4.62.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-416 - Use After Free (CWE-416)
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.62.1 , < unspecified (custom)
    Affected: 4.62.0
    Unaffected: 4.61.1 , < unspecified (custom)
    Affected: 4.61.0
    Unaffected: 4.60.1 , < unspecified (custom)
    Affected: 4.60.0
    Unaffected: 4.59.1 , < unspecified (custom)
    Affected: 4.59.0
    Unaffected: 4.58.2 , < unspecified (custom)
    Affected: 4.58.0 , < unspecified (custom)
    Unaffected: 4.57.1 , < unspecified (custom)
    Affected: 4.57.0
    Unaffected: 4.56.1 , < unspecified (custom)
    Affected: 4.33.0 , < unspecified (custom)
    Unaffected: 4.32.3 , < unspecified (custom)
    Affected: unspecified , < 4.32.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.541Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.62.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.62.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.61.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.61.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.60.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.60.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.59.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.59.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.58.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.58.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.57.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.57.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.33.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.32.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.32.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-06-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free (CWE-416)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-11T00:55:20.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-06-18",
              "ID": "CVE-2020-1900",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.62.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.62.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.61.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.61.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.60.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.60.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.59.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.59.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.58.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.58.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.57.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.33.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.32.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.32.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use After Free (CWE-416)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2020/06/30/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1900",
        "datePublished": "2021-03-11T00:55:20.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:54:00.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1899 (GCVE-0-2020-1899)

    Vulnerability from cvelistv5 – Published: 2021-03-11 00:55 – Updated: 2024-08-04 06:53
    Summary
    The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, and versions 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0 and 4.62.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-822 - Untrusted Pointer Dereference (CWE-822)
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.62.1 , < unspecified (custom)
    Affected: 4.62.0
    Unaffected: 4.61.1 , < unspecified (custom)
    Affected: 4.61.0
    Unaffected: 4.60.1 , < unspecified (custom)
    Affected: 4.60.0
    Unaffected: 4.59.1 , < unspecified (custom)
    Affected: 4.59.0
    Unaffected: 4.58.2 , < unspecified (custom)
    Affected: 4.58.0 , < unspecified (custom)
    Unaffected: 4.57.1 , < unspecified (custom)
    Affected: 4.57.0
    Unaffected: 4.56.1 , < unspecified (custom)
    Affected: 4.33.0 , < unspecified (custom)
    Unaffected: 4.32.3 , < unspecified (custom)
    Affected: unspecified , < 4.32.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.62.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.62.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.61.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.61.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.60.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.60.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.59.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.59.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.58.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.58.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.57.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.57.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.33.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.32.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.32.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The unserialize() function supported a type code, \"S\", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "Untrusted Pointer Dereference (CWE-822)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-11T00:55:19.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-06-10",
              "ID": "CVE-2020-1899",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.62.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.62.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.61.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.61.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.60.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.60.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.59.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.59.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.58.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.58.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.57.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.33.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.32.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.32.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The unserialize() function supported a type code, \"S\", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted Pointer Dereference (CWE-822)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2020/06/30/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1899",
        "datePublished": "2021-03-11T00:55:19.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1898 (GCVE-0-2020-1898)

    Vulnerability from cvelistv5 – Published: 2021-03-11 00:55 – Updated: 2024-08-04 06:53
    Summary
    The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, and versions 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0 and 4.62.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-674 - Uncontrolled Recursion (CWE-674)
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.62.1 , < unspecified (custom)
    Affected: 4.62.0
    Unaffected: 4.61.1 , < unspecified (custom)
    Affected: 4.61.0
    Unaffected: 4.60.1 , < unspecified (custom)
    Affected: 4.60.0
    Unaffected: 4.59.1 , < unspecified (custom)
    Affected: 4.59.0
    Unaffected: 4.58.2 , < unspecified (custom)
    Affected: 4.58.0 , < unspecified (custom)
    Unaffected: 4.57.1 , < unspecified (custom)
    Affected: 4.57.0
    Unaffected: 4.56.1 , < unspecified (custom)
    Affected: 4.33.0 , < unspecified (custom)
    Unaffected: 4.32.3 , < unspecified (custom)
    Affected: unspecified , < 4.32.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.62.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.62.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.61.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.61.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.60.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.60.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.59.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.59.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.58.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.58.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.57.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.57.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.33.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.32.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.32.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "Uncontrolled Recursion (CWE-674)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-11T00:55:18.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-06-09",
              "ID": "CVE-2020-1898",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.62.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.62.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.61.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.61.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.60.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.60.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.59.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.59.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.58.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.58.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.57.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.33.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.32.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.32.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Recursion (CWE-674)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2020/06/30/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1898",
        "datePublished": "2021-03-11T00:55:18.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24025 (GCVE-0-2021-24025)

    Vulnerability from cvelistv5 – Published: 2021-03-10 15:50 – Updated: 2024-08-03 19:14
    Summary
    Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.98.1 , < unspecified (custom)
    Affected: 4.98.0
    Unaffected: 4.97.1 , < unspecified (custom)
    Affected: 4.97.0
    Unaffected: 4.96.1 , < unspecified (custom)
    Affected: 4.96.0
    Unaffected: 4.95.1 , < unspecified (custom)
    Affected: 4.95.0
    Unaffected: 4.94.1 , < unspecified (custom)
    Affected: 4.94.0
    Unaffected: 4.93.2 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.2 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.3 , < unspecified (custom)
    Affected: unspecified , < 4.56.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:10.116Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.98.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.98.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.97.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.97.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.96.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.96.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.95.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.95.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.94.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.94.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.93.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-01-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T15:50:30.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-01-27",
              "ID": "CVE-2021-24025",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.98.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.98.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.97.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.97.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.96.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.96.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.95.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.95.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.94.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.94.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.93.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2021/02/25/security-update.html",
                  "refsource": "MISC",
                  "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24025",
        "datePublished": "2021-03-10T15:50:30.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:14:10.116Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1921 (GCVE-0-2020-1921)

    Vulnerability from cvelistv5 – Published: 2021-03-10 15:50 – Updated: 2024-08-04 06:54
    Summary
    In the crypt function, we attempt to null-terminate a buffer using the size of the input salt without validating that the offset is within the buffer, so the terminating write can land outside the buffer (this record classifies the issue as CWE-121, a stack-based buffer overflow). This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - Stack-based Buffer Overflow (CWE-121)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.98.1 , < unspecified (custom)
    Affected: 4.98.0
    Unaffected: 4.97.1 , < unspecified (custom)
    Affected: 4.97.0
    Unaffected: 4.96.1 , < unspecified (custom)
    Affected: 4.96.0
    Unaffected: 4.95.1 , < unspecified (custom)
    Affected: 4.95.0
    Unaffected: 4.94.1 , < unspecified (custom)
    Affected: 4.94.0
    Unaffected: 4.93.2 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.2 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.3 , < unspecified (custom)
    Affected: unspecified , < 4.56.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.98.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.98.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.97.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.97.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.96.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.96.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.95.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.95.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.94.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.94.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.93.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow (CWE-121)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T15:50:30.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-12-14",
              "ID": "CVE-2020-1921",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.98.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.98.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.97.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.97.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.96.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.96.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.95.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.95.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.94.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.94.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.93.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stack-based Buffer Overflow (CWE-121)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2021/02/25/security-update.html",
                  "refsource": "MISC",
                  "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1921",
        "datePublished": "2021-03-10T15:50:30.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:54:00.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1919 (GCVE-0-2020-1919)

    Vulnerability from cvelistv5 – Published: 2021-03-10 15:50 – Updated: 2024-08-04 06:53
    Summary
    Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - Out-of-bounds Read (CWE-125)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.98.1 , < unspecified (custom)
    Affected: 4.98.0
    Unaffected: 4.97.1 , < unspecified (custom)
    Affected: 4.97.0
    Unaffected: 4.96.1 , < unspecified (custom)
    Affected: 4.96.0
    Unaffected: 4.95.1 , < unspecified (custom)
    Affected: 4.95.0
    Unaffected: 4.94.1 , < unspecified (custom)
    Affected: 4.94.0
    Unaffected: 4.93.2 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.2 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.3 , < unspecified (custom)
    Affected: unspecified , < 4.56.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.858Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.98.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.98.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.97.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.97.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.96.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.96.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.95.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.95.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.94.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.94.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.93.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read (CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T15:50:29.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-12-11",
              "ID": "CVE-2020-1919",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.98.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.98.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.97.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.97.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.96.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.96.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.95.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.95.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.94.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.94.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.93.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Read (CWE-125)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2021/02/25/security-update.html",
                  "refsource": "MISC",
                  "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1919",
        "datePublished": "2021-03-10T15:50:29.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.858Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1918 (GCVE-0-2020-1918)

    Vulnerability from cvelistv5 – Published: 2021-03-10 15:50 – Updated: 2024-08-04 06:53
    Summary
    In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-127 - Buffer Under-read (CWE-127)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.98.1 , < unspecified (custom)
    Affected: 4.98.0
    Unaffected: 4.97.1 , < unspecified (custom)
    Affected: 4.97.0
    Unaffected: 4.96.1 , < unspecified (custom)
    Affected: 4.96.0
    Unaffected: 4.95.1 , < unspecified (custom)
    Affected: 4.95.0
    Unaffected: 4.94.1 , < unspecified (custom)
    Affected: 4.94.0
    Unaffected: 4.93.2 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.2 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.3 , < unspecified (custom)
    Affected: unspecified , < 4.56.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.798Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.98.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.98.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.97.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.97.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.96.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.96.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.95.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.95.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.94.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.94.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.93.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-127",
                  "description": "Buffer Under-read (CWE-127)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T15:50:28.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-11-15",
              "ID": "CVE-2020-1918",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.98.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.98.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.97.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.97.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.96.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.96.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.95.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.95.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.94.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.94.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.93.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Under-read (CWE-127)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2021/02/25/security-update.html",
                  "refsource": "MISC",
                  "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1918",
        "datePublished": "2021-03-10T15:50:28.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1917 (GCVE-0-2020-1917)

    Vulnerability from cvelistv5 – Published: 2021-03-10 15:50 – Updated: 2024-08-04 06:53
    Summary
    xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.98.1 , < unspecified (custom)
    Affected: 4.98.0
    Unaffected: 4.97.1 , < unspecified (custom)
    Affected: 4.97.0
    Unaffected: 4.96.1 , < unspecified (custom)
    Affected: 4.96.0
    Unaffected: 4.95.1 , < unspecified (custom)
    Affected: 4.95.0
    Unaffected: 4.94.1 , < unspecified (custom)
    Affected: 4.94.0
    Unaffected: 4.93.2 , < unspecified (custom)
    Affected: 4.81.0 , < unspecified (custom)
    Unaffected: 4.80.2 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.3 , < unspecified (custom)
    Affected: unspecified , < 4.56.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.98.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.98.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.97.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.97.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.96.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.96.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.95.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.95.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.94.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.94.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.93.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.81.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T15:50:28.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-11-11",
              "ID": "CVE-2020-1917",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.98.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.98.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.97.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.97.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.96.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.96.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.95.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.95.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.94.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.94.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.93.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2021/02/25/security-update.html",
                  "refsource": "MISC",
                  "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1917",
        "datePublished": "2021-03-10T15:50:28.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.921Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1916 (GCVE-0-2020-1916)

    Vulnerability from cvelistv5 – Published: 2021-03-10 15:50 – Updated: 2024-08-04 06:54
    VLAI
    Summary
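    An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.2, all versions from 4.57.0 through 4.78.0, and versions 4.79.0, 4.80.0, 4.81.0, 4.82.0 and 4.83.0. The version list below marks 4.56.2, 4.78.1, 4.79.1, 4.80.1, 4.81.1, 4.82.1 and 4.83.1 as the first unaffected release on each branch.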
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook HHVM Unaffected: 4.83.1 , < unspecified (custom)
    Affected: 4.83.0
    Unaffected: 4.82.1 , < unspecified (custom)
    Affected: 4.82.0
    Unaffected: 4.81.1 , < unspecified (custom)
    Affected: 4.81.0
    Unaffected: 4.80.1 , < unspecified (custom)
    Affected: 4.80.0
    Unaffected: 4.79.1 , < unspecified (custom)
    Affected: 4.79.0
    Unaffected: 4.78.1 , < unspecified (custom)
    Affected: 4.57.0 , < unspecified (custom)
    Unaffected: 4.56.2 , < unspecified (custom)
    Affected: unspecified , < 4.56.2 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://hhvm.com/blog/2020/11/12/security-update.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HHVM",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.83.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.83.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.82.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.82.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.81.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.81.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.80.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.80.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.79.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.79.0"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.78.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.57.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "4.56.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.56.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-10T15:50:27.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://hhvm.com/blog/2020/11/12/security-update.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-30",
              "ID": "CVE-2020-1916",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "HHVM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.83.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.83.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.82.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.82.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.81.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.81.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.80.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.80.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.79.1"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.79.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.78.1"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.57.0"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "4.56.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.56.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hhvm.com/blog/2020/11/12/security-update.html",
                  "refsource": "CONFIRM",
                  "url": "https://hhvm.com/blog/2020/11/12/security-update.html"
                },
                {
                  "name": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1916",
        "datePublished": "2021-03-10T15:50:27.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:54:00.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }