Known Vulnerabilities for Hhvm by Facebook
Listed below are 10 of the newest known vulnerabilities associated with "Hhvm" by "Facebook".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-24036 | Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on... | 9.8 - CRITICAL | 2021-07-23 | 2022-10-26 |
| CVE-2021-24025 | Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can tri... | 9.8 - CRITICAL | 2021-03-10 | 2021-03-16 |
| CVE-2020-1917 | xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, bu... | 9.8 - CRITICAL | 2021-03-10 | 2021-03-17 |
| CVE-2020-1916 | An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting i... | 9.8 - CRITICAL | 2021-03-10 | 2021-03-17 |
| CVE-2020-1900 | When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array be... | 9.8 - CRITICAL | 2021-03-11 | 2021-03-18 |
| CVE-2020-1899 | The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type ... | 7.5 - HIGH | 2021-03-11 | 2021-03-18 |
| CVE-2020-1898 | The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed str... | 7.5 - HIGH | 2021-03-11 | 2021-03-17 |
| CVE-2020-1893 | Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issu... | 7.5 - HIGH | 2020-03-03 | 2020-03-05 |
| CVE-2020-1892 | Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leadin... | 8.1 - HIGH | 2020-03-03 | 2020-03-05 |
| CVE-2020-1888 | Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. Th... | 7.5 - HIGH | 2020-03-03 | 2020-03-05 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Facebook | Hhvm | 4.99.0 | All | All | All |
| Application | Facebook | Hhvm | 4.98.0 | All | All | All |
| Application | Facebook | Hhvm | 4.97.0 | All | All | All |
| Application | Facebook | Hhvm | 4.96.0 | All | All | All |
| Application | Facebook | Hhvm | 4.95.0 | All | All | All |
| Application | Facebook | Hhvm | 4.94.0 | All | All | All |
| Application | Facebook | Hhvm | 4.93.2 | All | All | All |
| Application | Facebook | Hhvm | 4.93.1 | All | All | All |
| Application | Facebook | Hhvm | 4.9.1 | All | All | All |
| Application | Facebook | Hhvm | 4.9.0 | All | All | All |
| Application | Facebook | Hhvm | 4.83.0 | All | All | All |
| Application | Facebook | Hhvm | 4.82.0 | All | All | All |
| Application | Facebook | Hhvm | 4.81.1 | All | All | All |
| Application | Facebook | Hhvm | 4.81.0 | All | All | All |
| Application | Facebook | Hhvm | 4.80.2 | All | All | All |
| Application | Facebook | Hhvm | 4.80.0 | All | All | All |
| Application | Facebook | Hhvm | 4.8.7 | All | All | All |
| Application | Facebook | Hhvm | 4.8.6 | All | All | All |
| Application | Facebook | Hhvm | 4.8.5 | All | All | All |
| Application | Facebook | Hhvm | 4.8.4 | All | All | All |