Vulnerability in Facebook Hhvm

CVE-2020-1918

In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between…

EPSS: 0.003 (56.3th percentile) — read the EPSS interpretation.

Affected products

Facebook Hhvm — versions 4.98.1, 4.98.0, 4.97.1

Weakness classification (CWE)

CWE-127 — Buffer Under-read

References

hhvm.com/blog/2021/02/25/security-update.html (x_refsource_MISC)
github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca (x_refsource_MISC)