CVE-2020-1899
https://notcve.org/view.php?id=CVE-2020-1899
The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
• https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9
• https://hhvm.com/blog/2020/06/30/security-update.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-822: Untrusted Pointer Dereference
CVE-2020-1898
https://notcve.org/view.php?id=CVE-2020-1898
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
• https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c
• https://hhvm.com/blog/2020/06/30/security-update.html
• CWE-674: Uncontrolled Recursion
CVE-2021-24030
https://notcve.org/view.php?id=CVE-2021-24030
The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0.
• https://www.facebook.com/security/advisories/cve-2021-24030
• CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2021-24025
https://notcve.org/view.php?id=CVE-2021-24025
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
• https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca
• https://hhvm.com/blog/2021/02/25/security-update.html
• CWE-122: Heap-based Buffer Overflow
• CWE-190: Integer Overflow or Wraparound
CVE-2020-1921
https://notcve.org/view.php?id=CVE-2020-1921
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
• https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca
• https://hhvm.com/blog/2021/02/25/security-update.html
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write