CVE-2020-1900

moderate-risk

Published 2021-03-11

When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.

Do I need to act?

0.81% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (8)

Hhvm

Affected Vendors

Facebook

References (4)

Patch https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3

Vendor Advisory https://hhvm.com/blog/2020/06/30/security-update.html

Patch https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3

Vendor Advisory https://hhvm.com/blog/2020/06/30/security-update.html

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 3/34 · Minimal

Exposure 14/34 · Moderate