CVE-2020-1900
CVE-2020-1900 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. When unserializing an object with dynamic properties, HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it; otherwise the array might resize, invalidating previously stored references. EPSS estimates a 1.38% chance of exploitation in the next 30 days.
Description
When unserializing an object with dynamic properties, HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it; otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, and in versions 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0 and 4.62.0.
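The bug class the description refers to, as an added illustration that is not HHVM's code: a growable array of properties is filled one entry at a time while a reference to an earlier entry is kept (as a back-reference in a serialized payload would require). The model (`Property`, the two functions and the element count) is a constructed stand-in; it checks whether the backing storage moved rather than dereferencing the stale reference.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Constructed model of an object's dynamic property table (not HHVM's type).
using Property = std::pair<std::string, std::string>;

// Flawed order from the advisory: insert without reserving first, while a
// reference to an already-stored entry is held for later use.
// Returns true if the array relocated, i.e. the held reference now dangles.
bool insert_without_reserve(std::size_t count) {
    std::vector<Property> props;
    props.emplace_back("p0", "v0");
    const Property* first = &props[0];   // reference stored before further inserts
    for (std::size_t i = 1; i < count; ++i)
        props.emplace_back("p" + std::to_string(i), "v" + std::to_string(i));
    // Compare against the live address instead of reading through `first`:
    // dereferencing it after a relocation would be a use-after-free.
    return first != &props[0];
}

// Fixed order: reserve the full size up front so no growth, and therefore no
// relocation, can happen during insertion.
bool insert_with_reserve(std::size_t count) {
    std::vector<Property> props;
    props.reserve(count);                // capacity fixed for all `count` entries
    props.emplace_back("p0", "v0");
    const Property* first = &props[0];
    for (std::size_t i = 1; i < count; ++i)
        props.emplace_back("p" + std::to_string(i), "v" + std::to_string(i));
    return first != &props[0];           // false: the reference stayed valid
}

int main() {
    std::cout << "without reserve relocated: " << insert_without_reserve(64) << '\n'
              << "with reserve relocated:    " << insert_with_reserve(64) << '\n';
    return 0;
}
```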
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Product | Versions |
|---|---|
| Hhvm | < 4.32.3 |
| Hhvm | >= 4.33.0, < 4.56.1 |
| Hhvm | 4.57.0 |
| Hhvm | 4.58.0 |
| Hhvm | 4.58.1 |
| Hhvm | 4.59.0 |
| Hhvm | 4.60.0 |
| Hhvm | 4.61.0 |
| Hhvm | 4.62.0 |
References
- https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3 (Patch, Third Party Advisory)
- https://hhvm.com/blog/2020/06/30/security-update.html (Vendor Advisory)
Source: NVD / NIST
