Buffer Overflow Vulnerability in HHVM by Facebook
CVE-2020-1921
7.5HIGH
What is CVE-2020-1921?
A vulnerability exists in the crypt function of HHVM, where the code attempts to null terminate a buffer using the size of the input salt. This process does not adequately validate that the offset remains within the bounds of the buffer, potentially leading to a buffer overflow scenario. This flaw impacts several versions of HHVM, necessitating swift action from users to update and mitigate risk.
Affected Version(s)
HHVM 4.98.0
HHVM 4.97.0
HHVM 4.96.0