Buffer overflow in Facebook Folly

CVE-2021-24036

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22…

Vulnerability class: Buffer Overflow

EPSS: 0.062 (91.0th percentile) — read the EPSS interpretation.

Affected products

Facebook Folly — versions v2021.07.22.00, unspecified
Facebook Hhvm — versions 4.118.2, 4.118.0, 4.117.1

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

References

hhvm.com/blog/2021/07/20/security-update.html (x_refsource_CONFIRM)
github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3 (x_refsource_MISC)
www.facebook.com/security/advisories/cve-2021-24036 (x_refsource_CONFIRM)