Integer Overflow Vulnerability in HHVM by Facebook
CVE-2020-1916
9.8 CRITICAL
What is CVE-2020-1916?
An integer overflow vulnerability exists in HHVM due to an incorrect size calculation in the ldap_escape function. Excessively long input may lead to an out-of-bounds write, compromising the integrity of the application. The vulnerability affects HHVM versions prior to 4.56.2 and selected versions in the range of 4.57.0 through 4.83.0. Users are advised to upgrade to the latest version to mitigate the risks associated with this vulnerability.
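The class of bug described above, as an added example in C (not HHVM's code): a buffer size derived by multiplying the input length wraps for very long input, so the escaper would write past a too-small allocation unless the multiplication is checked first. The function names, the 32-bit length type in the flawed variant, and the worst case of three output bytes per input byte (`\XX` hex escaping) are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Flawed pattern: the product wraps modulo 2^32, so a huge input
 * length yields a tiny buffer size. */
static uint32_t escaped_size_unchecked(uint32_t len) {
    return (uint32_t)(len * 3u + 1u);
}

/* Hardened: refuse any length whose worst-case output (3 bytes per
 * input byte plus the NUL) cannot be represented in size_t. */
static bool escaped_size_checked(size_t len, size_t *out) {
    if (len > (SIZE_MAX - 1) / 3) return false;
    *out = len * 3 + 1;
    return true;
}

/* Hypothetical escaper: writes every input byte as \XX. Returns a
 * malloc'd NUL-terminated string, or NULL on overflow or OOM. */
static char *escape_all(const unsigned char *in, size_t len) {
    static const char hex[] = "0123456789abcdef";
    size_t cap;
    if (!escaped_size_checked(len, &cap)) return NULL;
    char *buf = malloc(cap);
    if (buf == NULL) return NULL;
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        buf[o++] = '\\';
        buf[o++] = hex[in[i] >> 4];
        buf[o++] = hex[in[i] & 0x0f];
    }
    buf[o] = '\0';
    return buf;
}

int main(void) {
    char *s = escape_all((const unsigned char *)"a*", 2); /* constructed sample */
    printf("wrapped size: %u\n", (unsigned)escaped_size_unchecked(0x55555556u));
    printf("escaped: %s\n", s ? s : "(null)");
    free(s);
    return 0;
}
```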
Affected Version(s)
HHVM 4.83.0
HHVM 4.82.0
HHVM 4.81.0