CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-36937
https://notcve.org/view.php?id=CVE-2022-36937
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected. • https://github.com/facebook/hhvm/commit/083f5ffdee661f61512909d16f9a5b98cff3cf0b https://hhvm.com/blog/2023/01/20/security-update.html •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2019-3556
https://notcve.org/view.php?id=CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0. • https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4 https://hhvm.com/blog/2020/11/12/security-update.html https://www.facebook.com/security/advisories/cve-2019-3556 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2021-24036
https://notcve.org/view.php?id=CVE-2021-24036
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1. Pasar un tamaño controlado por un atacante al crear un IOBuf podría causar un desbordamiento de enteros, lo que llevaría a una escritura fuera de límites en la pila con la posibilidad de ejecución de código remoto. Este problema afecta a las versiones de folly anteriores a la v2021.07.22.00. • https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3 https://hhvm.com/blog/2021/07/20/security-update.html https://www.facebook.com/security/advisories/cve-2021-24036 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1921
https://notcve.org/view.php?id=CVE-2020-1921
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. En la función crypt, intentamos anular la finalización de un búfer usando el tamaño de la sal de entrada sin comprobar que el desplazamiento esté dentro del búfer. Este problema afecta a HHVM versiones anteriores a 4.56.3, todas las versiones entre 4.57.0 y 4.80.1, todas las versiones entre 4.81.0 y 4.93.1 y versiones 4.94.0, 4.95.0, 4.96.0, 4.97.0 , 4.98.0 • https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca https://hhvm.com/blog/2021/02/25/security-update.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-24025
https://notcve.org/view.php?id=CVE-2021-24025
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. Debido a cálculos de tamaño de cadena incorrectos dentro de la función preg_quote, una cadena de entrada grande pasada a la función puede desencadenar un desbordamiento de enteros que conlleva a un desbordamiento de la pila. Este problema afecta a versiones de HHVM anteriores a 4.56.3, todas las versiones entre 4.57.0 y 4.80.1, todas las versiones entre 4.81.0 y 4.93.1 y versiones 4.94.0, 4.95.0, 4.96.0, 4.97.0 , 4.98.0 • https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca https://hhvm.com/blog/2021/02/25/security-update.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •