Out-of-bounds Read in Facebook HHVM
CVE-2020-1892
Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, ver…
Vulnerability class: Buffer Overflow
EPSS: 0.006 (70.2th percentile)
Affected products
- Facebook HHVM — versions 4.45.1, 4.45.0, 4.44.1
Weakness classification (CWE)
References
- hhvm.com/blog/2020/02/20/security-update.html (x_refsource_CONFIRM)
- github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d (x_refsource_CONFIRM)