Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook hhvm 4.57.0 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-1898
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.5...
Facebook Hhvm
Facebook Hhvm 4.57.0
Facebook Hhvm 4.58.0
Facebook Hhvm 4.58.1
Facebook Hhvm 4.59.0
Facebook Hhvm 4.60.0
Facebook Hhvm 4.61.0
Facebook Hhvm 4.62.0
5
CVSSv2
CVE-2020-1899
The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, betw...
Facebook Hhvm
Facebook Hhvm 4.57.0
Facebook Hhvm 4.58.0
Facebook Hhvm 4.58.1
Facebook Hhvm 4.59.0
Facebook Hhvm 4.60.0
Facebook Hhvm 4.61.0
Facebook Hhvm 4.62.0
7.5
CVSSv2
CVE-2020-1900
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHV...
Facebook Hhvm
Facebook Hhvm 4.57.0
Facebook Hhvm 4.58.0
Facebook Hhvm 4.58.1
Facebook Hhvm 4.59.0
Facebook Hhvm 4.60.0
Facebook Hhvm 4.61.0
Facebook Hhvm 4.62.0
7.5
CVSSv2
CVE-2020-1916
An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM before 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.
Facebook Hhvm
Facebook Hhvm 4.79.0
Facebook Hhvm 4.80.0
Facebook Hhvm 4.81.0
Facebook Hhvm 4.82.0
Facebook Hhvm 4.83.0
5
CVSSv2
CVE-2020-1919
Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions before 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, ...
Facebook Hhvm
Facebook Hhvm 4.94.0
Facebook Hhvm 4.95.0
Facebook Hhvm 4.96.0
Facebook Hhvm 4.97.0
Facebook Hhvm 4.98.0
7.5
CVSSv2
CVE-2021-24025
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions before 4.56.3, all versions between 4.57.0 and 4.80.1, all versions b...
Facebook Hhvm
Facebook Hhvm 4.94.0
Facebook Hhvm 4.95.0
Facebook Hhvm 4.96.0
Facebook Hhvm 4.97.0
Facebook Hhvm 4.98.0
5
CVSSv2
CVE-2020-1921
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions before 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, a...
Facebook Hhvm
Facebook Hhvm 4.94.0
Facebook Hhvm 4.95.0
Facebook Hhvm 4.96.0
Facebook Hhvm 4.97.0
Facebook Hhvm 4.98.0
2 Github repositories
5
CVSSv2
CVE-2020-1918
In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions before 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.8...
Facebook Hhvm
Facebook Hhvm 4.94.0
Facebook Hhvm 4.95.0
Facebook Hhvm 4.96.0
Facebook Hhvm 4.97.0
Facebook Hhvm 4.98.0
7.5
CVSSv2
CVE-2020-1917
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM ...
Facebook Hhvm
Facebook Hhvm 4.94.0
Facebook Hhvm 4.95.0
Facebook Hhvm 4.96.0
Facebook Hhvm 4.97.0
Facebook Hhvm 4.98.0
5.5
CVSSv2
CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter whi...
Facebook Hhvm
Facebook Hhvm 4.79.0
Facebook Hhvm 4.80.0
Facebook Hhvm 4.81.0
Facebook Hhvm 4.82.0
Facebook Hhvm 4.83.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started