Buffer Overflow Vulnerability in HHVM by Facebook
CVE-2020-1921

7.5HIGH

Key Information:

Vendor: Facebook
Status: Hhvm
Vendor: CVE Published:; 10 March 2021

What is CVE-2020-1921?

A vulnerability exists in the crypt function of HHVM, where the code attempts to null terminate a buffer using the size of the input salt. This process does not adequately validate that the offset remains within the bounds of the buffer, potentially leading to a buffer overflow scenario. This flaw impacts several versions of HHVM, necessitating swift action from users to update and mitigate risk.

Affected Version(s)

HHVM 4.98.0

HHVM 4.97.0

HHVM 4.96.0

References

https://hhvm.com/blog/2021/02/25/security-update.html

x_refsource_MISC

https://github.com/facebook/hhvm/commit/08193b7f0cd391025...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2021
Vulnerability Reserved
Dec 2, 2019