CVE-2020-1921 is a vulnerability in Facebook HHVM
Published on March 10, 2021
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
Weakness Type
What is a Stack Overflow Vulnerability?
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2020-1921 has been classified as a Stack Overflow vulnerability or weakness.
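The flaw the description names (a terminator written at an offset taken from the salt length, into a stack buffer) is sketched below as an added C example. It is constructed for illustration and is not HHVM's source; the function names and the 16-byte buffer size are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SALT_BUF_LEN 16 /* assumed size for this sketch, not HHVM's */

/* Flawed pattern: the copy is bounded, but the terminator index is the
 * caller-supplied salt length. Any salt_len >= SALT_BUF_LEN places the
 * '\0' outside the local (stack) buffer. */
long salt_len_unchecked(const char *salt, size_t salt_len)
{
    char buf[SALT_BUF_LEN];
    strncpy(buf, salt, sizeof(buf) - 1);
    buf[salt_len] = '\0';               /* BUG: offset never validated */
    return (long)strlen(buf);
}

/* Hardened form: validate the offset against the buffer before any write.
 * Returns the stored length, or -1 when the salt does not fit. */
long salt_len_checked(const char *salt, size_t salt_len)
{
    char buf[SALT_BUF_LEN];
    if (salt == NULL || salt_len >= sizeof(buf))
        return -1;                      /* terminator would land out of bounds */
    memcpy(buf, salt, salt_len);
    buf[salt_len] = '\0';               /* index is now known to be < 16 */
    return (long)strlen(buf);
}

int main(void)
{
    char big[64];                       /* constructed oversized salt */
    memset(big, 'A', sizeof(big));

    /* In-range input: both forms behave the same. */
    printf("unchecked, len 2:  %ld\n", salt_len_unchecked("ab", 2));
    printf("checked,   len 2:  %ld\n", salt_len_checked("ab", 2));

    /* Oversized input is only passed to the checked form, which rejects it. */
    printf("checked,   len 64: %ld\n", salt_len_checked(big, sizeof(big)));
    return 0;
}
```

Building with `-fsanitize=address` and calling the unchecked form with a length of 16 or more makes the out-of-bounds write visible as a stack-buffer-overflow report.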
Products Associated with CVE-2020-1921
Facebook HHVM
Affected Versions
Facebook HHVM:
- From version 4.98.1 (upper bound unspecified): unaffected.
- Version 4.98.0: affected.
- From version 4.97.1 (upper bound unspecified): unaffected.
- Version 4.97.0: affected.
- From version 4.96.1 (upper bound unspecified): unaffected.
- Version 4.96.0: affected.
- From version 4.95.1 (upper bound unspecified): unaffected.
- Version 4.95.0: affected.
- From version 4.94.1 (upper bound unspecified): unaffected.
- Version 4.94.0: affected.
- From version 4.93.2 (upper bound unspecified): unaffected.
- From version 4.81.0 (upper bound unspecified): affected.
- From version 4.80.2 (upper bound unspecified): unaffected.
- From version 4.57.0 (upper bound unspecified): affected.
- From version 4.56.3 (upper bound unspecified): unaffected.
- Below version 4.56.3 (lower bound unspecified): affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.