When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
References
Link | Resource |
---|---|
https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3 | Patch Third Party Advisory |
https://hhvm.com/blog/2020/06/30/security-update.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Mar 2021, 14:10
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:a:facebook:hhvm:4.60.0:*:*:*:*:*:*:* cpe:2.3:a:facebook:hhvm:4.58.1:*:*:*:*:*:*:* cpe:2.3:a:facebook:hhvm:4.62.0:*:*:*:*:*:*:* cpe:2.3:a:facebook:hhvm:4.58.0:*:*:*:*:*:*:* cpe:2.3:a:facebook:hhvm:4.59.0:*:*:*:*:*:*:* cpe:2.3:a:facebook:hhvm:4.61.0:*:*:*:*:*:*:* cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:* cpe:2.3:a:facebook:hhvm:4.57.0:*:*:*:*:*:*:* |
|
CWE | CWE-416 | |
References | (CONFIRM) https://hhvm.com/blog/2020/06/30/security-update.html - Vendor Advisory | |
References | (MISC) https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3 - Patch, Third Party Advisory |
11 Mar 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-11 01:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-1900
Mitre link : CVE-2020-1900
CVE.ORG link : CVE-2020-1900
JSON object : View
Products Affected
- hhvm
CWE
CWE-416
Use After Free