Buffer Overflow Vulnerability in HHVM by Facebook
CVE-2020-1921

7.5 HIGH

Key Information:

Vendor: Facebook

Status
Vendor
CVE Published: 10 March 2021

What is CVE-2020-1921?

A vulnerability exists in the crypt function of HHVM, where the code attempts to null-terminate a buffer using the size of the input salt. The code does not adequately validate that this offset stays within the bounds of the buffer, which can lead to a buffer overflow. The flaw affects several versions of HHVM, and users should update promptly to mitigate the risk.
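The bug class described above, as an added illustration in C that is not HHVM's source code: the unchecked form writes the terminator at an index taken from the salt length, and the checked form rejects a salt whose terminator would not fit. The function names, `SALT_BUF_LEN` and the sample inputs are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define SALT_BUF_LEN 16 /* assumed size for illustration, not HHVM's value */

/* Pattern from the description: the terminator index is the caller's salt
 * length and is never compared with the buffer size. */
static void store_salt_unchecked(char *buf, const char *salt, size_t salt_len) {
    size_t n = salt_len < SALT_BUF_LEN ? salt_len : SALT_BUF_LEN;
    memcpy(buf, salt, n);  /* the copy itself is bounded */
    buf[salt_len] = '\0';  /* BUG: out of bounds when salt_len >= SALT_BUF_LEN */
}

/* Hardened form: reject any salt whose terminator would not fit.
 * Returns 0 on success, -1 if the salt is too long for the buffer. */
static int store_salt_checked(char *buf, size_t buf_len,
                              const char *salt, size_t salt_len) {
    if (buf_len == 0 || salt_len >= buf_len)
        return -1;
    memcpy(buf, salt, salt_len);
    buf[salt_len] = '\0';
    return 0;
}

int main(void) {
    char buf[SALT_BUF_LEN];
    char long_salt[64]; /* constructed sample input */
    memset(long_salt, 'A', sizeof long_salt);

    /* In-bounds salt: both forms behave the same. */
    store_salt_unchecked(buf, "ab", 2);
    printf("unchecked, short salt: \"%s\"\n", buf);
    printf("checked, short salt:   %d\n",
           store_salt_checked(buf, sizeof buf, "ab", 2));

    /* The oversized salt is only passed to the checked form. */
    printf("checked, 64-byte salt: %d\n",
           store_salt_checked(buf, sizeof buf, long_salt, sizeof long_salt));
    return 0;
}
```

A salt of exactly `SALT_BUF_LEN` bytes is the boundary case: it fills the buffer and leaves no room for the terminator, so the check uses `>=` rather than `>`.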

Affected Version(s)

HHVM 4.98.0

HHVM 4.97.0

HHVM 4.96.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved