CVE-2020-1918
https://notcve.org/view.php?id=CVE-2020-1918
In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. Las operaciones de archivos en memoria (es decir, usando fopen en un URI de datos) no restringieron apropiadamente la búsqueda negativa, permitiendo la lectura de la memoria antes del búfer en memoria. Este problema afecta HHVM versiones anteriores a 4.56.3, todas las versiones entre 4.57.0 y 4.80.1, todas las versiones entre 4.81.0 y 4.93.1 y las versiones 4.94.0, 4.95.0, 4.96.0, 4.97.0 , 4.98.0 • https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca https://hhvm.com/blog/2021/02/25/security-update.html • CWE-125: Out-of-bounds Read CWE-127: Buffer Under-read •
CVE-2020-1917
https://notcve.org/view.php?id=CVE-2020-1917
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. La función xbuf_format_converter, usada como parte de exif_read_data, estaba agregando un carácter null de terminación a la cadena generada, pero no estaba usando su función estándar append char. Como resultado, si el búfer estuviera lleno, resultaría en una escritura fuera de límites. • https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca https://hhvm.com/blog/2021/02/25/security-update.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •