← back
CVE-2020-1888

CVE-2020-1888

EPSS 1.1%CWE-125
Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
Affected products
Facebook · HHVM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13https://hhvm.com/blog/2020/02/20/security-update.html