CVE-2020-1892
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
Comprobaciones de límites insuficientes cuando se decodifica JSON en JSON_parser permiten un acceso de lectura en una memoria fuera de límites, conllevando a un filtrado de información y a una DOS. Este problema afecta a HHVM versiones 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versiones entre 4.33.0 y 4.38.0 (inclusive), versiones entre 4.9.0 y 4.32.0 (inclusive), y versiones anteriores a 4.8.7.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-02 CVE Reserved
- 2020-03-03 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d | 2020-03-05 |
| URL | Date | SRC |
|---|---|---|
| https://hhvm.com/blog/2020/02/20/security-update.html | 2020-03-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Facebook Search vendor "Facebook" | Hhvm Search vendor "Facebook" for product "Hhvm" | < 4.8.7 Search vendor "Facebook" for product "Hhvm" and version " < 4.8.7" | - |
Affected
| ||||||
| Facebook Search vendor "Facebook" | Hhvm Search vendor "Facebook" for product "Hhvm" | >= 4.9.0 <= 4.32.0 Search vendor "Facebook" for product "Hhvm" and version " >= 4.9.0 <= 4.32.0" | - |
Affected
| ||||||
| Facebook Search vendor "Facebook" | Hhvm Search vendor "Facebook" for product "Hhvm" | >= 4.33.0 <= 4.38.0 Search vendor "Facebook" for product "Hhvm" and version " >= 4.33.0 <= 4.38.0" | - |
Affected
| ||||||
| Facebook Search vendor "Facebook" | Hhvm Search vendor "Facebook" for product "Hhvm" | 4.39.0 Search vendor "Facebook" for product "Hhvm" and version "4.39.0" | - |
Affected
| ||||||
| Facebook Search vendor "Facebook" | Hhvm Search vendor "Facebook" for product "Hhvm" | 4.40.0 Search vendor "Facebook" for product "Hhvm" and version "4.40.0" | - |
Affected
| ||||||
| Facebook Search vendor "Facebook" | Hhvm Search vendor "Facebook" for product "Hhvm" | 4.41.0 Search vendor "Facebook" for product "Hhvm" and version "4.41.0" | - |
Affected
| ||||||
| Facebook Search vendor "Facebook" | Hhvm Search vendor "Facebook" for product "Hhvm" | 4.42.0 Search vendor "Facebook" for product "Hhvm" and version "4.42.0" | - |
Affected
| ||||||
| Facebook Search vendor "Facebook" | Hhvm Search vendor "Facebook" for product "Hhvm" | 4.43.0 Search vendor "Facebook" for product "Hhvm" and version "4.43.0" | - |
Affected
| ||||||
| Facebook Search vendor "Facebook" | Hhvm Search vendor "Facebook" for product "Hhvm" | 4.44.0 Search vendor "Facebook" for product "Hhvm" and version "4.44.0" | - |
Affected
| ||||||
| Facebook Search vendor "Facebook" | Hhvm Search vendor "Facebook" for product "Hhvm" | 4.45.0 Search vendor "Facebook" for product "Hhvm" and version "4.45.0" | - |
Affected
| ||||||