Out-of-bounds Read in Facebook HHVM
CVE-2020-1893
Insufficient boundary checks when decoding JSON in TryParse allow an out-of-bounds memory read, potentially leading to DoS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusi…
Vulnerability class: Buffer Overflow
EPSS: 0.006 (70.2th percentile)
Affected products
- Facebook HHVM — versions 4.45.1, 4.45.0, 4.44.1
Weakness classification (CWE)
References
- hhvm.com/blog/2020/02/20/security-update.html (x_refsource_CONFIRM)
- github.com/facebook/hhvm/commit/bd586671a3c22eb2f07e55f11b3ce64e1f7961e7 (x_refsource_CONFIRM)