CVE-2020-1918 is a vulnerability in Facebook HHVM
Published on March 10, 2021
In-memory file operations (i.e., using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
Weakness Type
Buffer Under-read
The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer. This typically occurs when the pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used. This may result in exposure of sensitive information or possibly a crash.
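The kind of check whose absence produces this weakness, as an added C example (not HHVM's code; the `memstream` type, the function names and the sample bytes are hypothetical): a seek on an in-memory stream that refuses any target before the start of the buffer. To stay small it also refuses targets past the end, which a real stream API may allow.

```c
#include <stdio.h>   /* SEEK_SET, SEEK_CUR, SEEK_END */
#include <string.h>

/* Hypothetical in-memory stream. Invariant: pos <= len. */
typedef struct {
    const unsigned char *buf;
    size_t len;
    size_t pos;
} memstream;

/* Returns 0 on success, -1 if the target would leave [0, len]. */
int mem_seek(memstream *s, long long off, int whence) {
    long long base;
    switch (whence) {
    case SEEK_SET: base = 0; break;
    case SEEK_CUR: base = (long long)s->pos; break;
    case SEEK_END: base = (long long)s->len; break;
    default: return -1;
    }
    /* Compare off against the room on each side of base, so the
       sum base + off is never computed before it is known safe. */
    if (off < -base) return -1;                     /* before buf: under-read */
    if (off > (long long)s->len - base) return -1;  /* past the end */
    s->pos = (size_t)(base + off);
    return 0;
}

/* Copies at most n bytes, clamped to what remains after pos. */
size_t mem_read(memstream *s, void *out, size_t n) {
    size_t avail = s->len - s->pos;
    if (n > avail) n = avail;
    memcpy(out, s->buf + s->pos, n);
    s->pos += n;
    return n;
}

/* Constructed sample: unrelated bytes sit directly before the stream data. */
static const unsigned char region[] = "SECRETpayload";

/* Returns 0 when every negative seek is handled correctly. */
int demo(void) {
    unsigned char out[8] = {0};
    memstream s = { region + 6, 7, 0 };             /* stream = "payload" */
    if (mem_seek(&s, -6, SEEK_SET) == 0) return 1;  /* would reach "SECRET" */
    if (mem_seek(&s, -8, SEEK_END) == 0) return 2;  /* 7 - 8 is before buf */
    if (mem_seek(&s, -3, SEEK_END) != 0) return 3;  /* pos 4 is in range */
    if (mem_read(&s, out, sizeof out) != 3) return 4;
    return memcmp(out, "oad", 3) == 0 ? 0 : 5;
}
```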
Products Associated with CVE-2020-1918
Affected Versions
Facebook HHVM:
- Version 4.98.1 and below unspecified is unaffected.
- Version 4.98.0 is affected.
- Version 4.97.1 and below unspecified is unaffected.
- Version 4.97.0 is affected.
- Version 4.96.1 and below unspecified is unaffected.
- Version 4.96.0 is affected.
- Version 4.95.1 and below unspecified is unaffected.
- Version 4.95.0 is affected.
- Version 4.94.1 and below unspecified is unaffected.
- Version 4.94.0 is affected.
- Version 4.93.2 and below unspecified is unaffected.
- Version 4.81.0 and below unspecified is affected.
- Version 4.80.2 and below unspecified is unaffected.
- Version 4.57.0 and below unspecified is affected.
- Version 4.56.3 and below unspecified is unaffected.
- Version unspecified and below 4.56.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.