← back
CVE-2020-1892

CVE-2020-1892

EPSS 1.1%CWE-125
Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
Affected products
Facebook · HHVM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441dhttps://hhvm.com/blog/2020/02/20/security-update.html