We found results for “”
CVE-2020-1898
Good to know:
Date: March 10, 2021
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
Language: C++
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Uncontrolled Recursion
CWE-674Top Fix
Upgrade Version
Upgrade to version HHVM-4.32.3,HHVM-4.56.1,HHVM-4.58.2,HHVM-4.59.1,HHVM-4.60.1,HHVM-4.61.1,HHVM-4.62.1,HHVM-4.64.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | PARTIAL |
Additional information: |