CVE-2021-24036

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:facebook:folly:*:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.114.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.115.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.116.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.117.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.118.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.118.1:*:*:*:*:*:*:*

History

26 Oct 2022, 00:30

Type Values Removed Values Added
CWE CWE-787 CWE-190

04 Aug 2021, 17:38

Type Values Removed Values Added
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:facebook:hhvm:4.114.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:folly:*:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.115.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.118.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.117.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.116.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.118.1:*:*:*:*:*:*:*
References (MISC) https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3 - (MISC) https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3 - Patch, Third Party Advisory
References (CONFIRM) https://www.facebook.com/security/advisories/cve-2021-24036 - (CONFIRM) https://www.facebook.com/security/advisories/cve-2021-24036 - Vendor Advisory
References (CONFIRM) https://hhvm.com/blog/2021/07/20/security-update.html - (CONFIRM) https://hhvm.com/blog/2021/07/20/security-update.html - Product, Vendor Advisory

23 Jul 2021, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-23 01:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-24036

Mitre link : CVE-2021-24036

CVE.ORG link : CVE-2021-24036


JSON object : View

Products Affected

facebook

  • hhvm
  • folly
CWE
CWE-190

Integer Overflow or Wraparound

CWE-122

Heap-based Buffer Overflow