We found results for “”
CVE-2020-1900
Good to know:
Date: March 10, 2021
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
Language: C++
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Use After Free
CWE-416Top Fix
Upgrade Version
Upgrade to version HHVM-4.32.3,HHVM-4.56.1,HHVM-4.58.2,HHVM-4.59.1,HHVM-4.60.1,HHVM-4.61.1,HHVM-4.62.1,HHVM-4.64.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |
Additional information: |