What is CVE-2020-1921?

CVE-2020-1921 is a vulnerability in Facebook Hhvm, classified under Stack-based Buffer Overflow. Published 2021-03-10.

Is CVE-2020-1921 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Facebook Hhvm

CVE-2020-1921

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1…

Vulnerability class: Buffer Overflow

EPSS: 0.006 (69.7th percentile) — read the EPSS interpretation.

Affected products

Facebook Hhvm — versions 4.98.1, 4.98.0, 4.97.1

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

Public proof-of-concept exploits

References

hhvm.com/blog/2021/02/25/security-update.html (x_refsource_MISC)
github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-1921?: CVE-2020-1921 is a vulnerability in Facebook Hhvm, classified under Stack-based Buffer Overflow. Published 2021-03-10.
Is CVE-2020-1921 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.