Out-of-Bounds Read in HHVM from Facebook
CVE-2020-1919
7.5HIGH
What is CVE-2020-1919?
An issue exists in the substr_compare function of HHVM, leading to incorrect bounds calculations. This flaw could trigger an out-of-bounds read when the second string argument exceeds the length of the first string, potentially compromising system integrity. The vulnerability affects multiple versions of HHVM, necessitating careful monitoring and updates to ensure security.
Affected Version(s)
HHVM 4.98.0
HHVM 4.97.0
HHVM 4.96.0