CVE-2020-1898 is a vulnerability in Facebook Hhvm
Published on March 11, 2021
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
Weakness Type
What is a Stack Exhaustion Vulnerability?
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
CVE-2020-1898 has been classified to as a Stack Exhaustion vulnerability or weakness.
Products Associated with CVE-2020-1898
Want to know whenever a new CVE is published for Facebook Hhvm? stack.watch will email you.
Affected Versions
Facebook HHVM:- Version 4.62.1 and below unspecified is unaffected.
- Version 4.62.0 is affected.
- Version 4.61.1 and below unspecified is unaffected.
- Version 4.61.0 is affected.
- Version 4.60.1 and below unspecified is unaffected.
- Version 4.60.0 is affected.
- Version 4.59.1 and below unspecified is unaffected.
- Version 4.59.0 is affected.
- Version 4.58.2 and below unspecified is unaffected.
- Version 4.58.0 and below unspecified is affected.
- Version 4.57.1 and below unspecified is unaffected.
- Version 4.57.0 is affected.
- Version 4.56.1 and below unspecified is unaffected.
- Version 4.33.0 and below unspecified is affected.
- Version 4.32.3 and below unspecified is unaffected.
- Version unspecified and below 4.32.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.