
CVSS: 7.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

10 Mar 2021 — In-memory file operations (i.e., using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. • https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca • CWE-125: Out-of-bounds Read, CWE-127: Buffer Under-read

CVSS: 9.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

10 Mar 2021 — An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0. • https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4 • CWE-122: Heap-based Buffer Overflow, CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

03 Mar 2020 — Insufficient boundary checks when decoding JSON in TryParse reads out-of-bounds memory, potentially leading to DoS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7. • https://github.com/facebook/hhvm/commit/bd586671a3c22eb2f07e55f11b3ce64e1f7961e7 • CWE-125: Out-of-bounds Read

CVSS: 8.1 • EPSS: 0% • CPEs: 10 • EXPL: 0

03 Mar 2020 — Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out-of-bounds memory, potentially leading to information leak and DoS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7. • https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d • CWE-125: Out-of-bounds Read

CVSS: 7.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

03 Mar 2020 — Insufficient boundary checks when decoding JSON in handleBackslash reads out-of-bounds memory, potentially leading to DoS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7. • https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13 • CWE-125: Out-of-bounds Read

CVSS: 9.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

04 Dec 2019 — Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1. • https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), CWE-125: Out-of-bounds Read

CVSS: 9.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

04 Dec 2019 — Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1. • https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373 • CWE-626: Null Byte Interaction Error (Poison Null Byte)

CVSS: 9.8 • EPSS: 3% • CPEs: 9 • EXPL: 0

04 Dec 2019 — An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1. • https://github.com/facebook/hhvm/commit/524d2e60cfe910406ec6109e4286d7edd545ab36 • CWE-763: Release of Invalid Pointer or Reference