CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1918
https://notcve.org/view.php?id=CVE-2020-1918
In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. Las operaciones de archivos en memoria (es decir, usando fopen en un URI de datos) no restringieron apropiadamente la búsqueda negativa, permitiendo la lectura de la memoria antes del búfer en memoria. Este problema afecta HHVM versiones anteriores a 4.56.3, todas las versiones entre 4.57.0 y 4.80.1, todas las versiones entre 4.81.0 y 4.93.1 y las versiones 4.94.0, 4.95.0, 4.96.0, 4.97.0 , 4.98.0 • https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca https://hhvm.com/blog/2021/02/25/security-update.html • CWE-125: Out-of-bounds Read CWE-127: Buffer Under-read •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-1916
https://notcve.org/view.php?id=CVE-2020-1916
An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0. Un cálculo de tamaño incorrecto en la función ldap_escape puede conllevar a un desbordamiento de enteros cuando es pasada una entrada demasiado larga, resultando en una escritura fuera de límites. Este problema afecta a HHVM versiones anteriores a 4.56.2, todas las versiones entre 4.57.0 y 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0 • https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4 https://hhvm.com/blog/2020/11/12/security-update.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2020-1892
https://notcve.org/view.php?id=CVE-2020-1892
Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7. Comprobaciones de límites insuficientes cuando se decodifica JSON en JSON_parser permiten un acceso de lectura en una memoria fuera de límites, conllevando a un filtrado de información y a una DOS. Este problema afecta a HHVM versiones 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versiones entre 4.33.0 y 4.38.0 (inclusive), versiones entre 4.9.0 y 4.32.0 (inclusive), y versiones anteriores a 4.8.7. • https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d https://hhvm.com/blog/2020/02/20/security-update.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-1893
https://notcve.org/view.php?id=CVE-2020-1893
Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7. Comprobaciones de límites insuficientes cuando se decodifica JSON en TryParse lee la memoria fuera de límites, conllevando potencialmente a una DOS. Este problema afecta a HHVM versiones 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versiones entre 4.33.0 y 4.38.0 (inclusive), y versiones entre 4.9.0 y 4.32.0 (inclusive), y versiones anteriores a 4.8.7. • https://github.com/facebook/hhvm/commit/bd586671a3c22eb2f07e55f11b3ce64e1f7961e7 https://hhvm.com/blog/2020/02/20/security-update.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-1888
https://notcve.org/view.php?id=CVE-2020-1888
Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7. Comprobaciones de límites insuficientes cuando se decodifica JSON en handleBackslash lee la memoria fuera de límites, conllevando potencialmente a una DOS. Este problema afecta a HHVM versiones 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versiones entre 4.33.0 y 4.38.0 (inclusive), versiones entre 4.9.0 y 4.32.0 (inclusive), y versiones anteriores a 4.8.7. • https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13 https://hhvm.com/blog/2020/02/20/security-update.html • CWE-125: Out-of-bounds Read •