CVE-2020-1916 is a vulnerability in Facebook Hhvm
Published on March 10, 2021
An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2020-1916
Want to know whenever a new CVE is published for Facebook Hhvm? stack.watch will email you.
Affected Versions
Facebook HHVM:- Version 4.83.1 and below unspecified is unaffected.
- Version 4.83.0 is affected.
- Version 4.82.1 and below unspecified is unaffected.
- Version 4.82.0 is affected.
- Version 4.81.1 and below unspecified is unaffected.
- Version 4.81.0 is affected.
- Version 4.80.1 and below unspecified is unaffected.
- Version 4.80.0 is affected.
- Version 4.79.1 and below unspecified is unaffected.
- Version 4.79.0 is affected.
- Version 4.78.1 and below unspecified is unaffected.
- Version 4.57.0 and below unspecified is affected.
- Version 4.56.2 and below unspecified is unaffected.
- Version unspecified and below 4.56.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.