CVE-2020-1900: Use After Free
First published: Thu Mar 11 2021(Updated: )
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook HHVM | <4.32.3 | |
| Facebook HHVM | >=4.33.0<4.56.1 | |
| Facebook HHVM | =4.57.0 | |
| Facebook HHVM | =4.58.0 | |
| Facebook HHVM | =4.58.1 | |
| Facebook HHVM | =4.59.0 | |
| Facebook HHVM | =4.60.0 | |
| Facebook HHVM | =4.61.0 | |
| Facebook HHVM | =4.62.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-1900?
CVE-2020-1900 is a vulnerability in Facebook HHVM that allows an attacker to resize the dynamic property array, potentially invalidating previously stored references.
How does CVE-2020-1900 impact HHVM?
CVE-2020-1900 affects HHVM versions prior to v4.32.3, and from v4.33.0 to v4.56.1. It does not affect HHVM versions v4.57.0 and above.
What is the severity of CVE-2020-1900?
CVE-2020-1900 has a severity rating of 9.8, which is considered critical.
How can I fix CVE-2020-1900?
To fix CVE-2020-1900, update your HHVM installation to version v4.32.3 or higher if you are using a vulnerable version.
Where can I find more information about CVE-2020-1900?
More information about CVE-2020-1900 can be found in the official security update blog post by HHVM (https://hhvm.com/blog/2020/06/30/security-update.html) and in the GitHub commit (https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3).
- collector/nvd-index
- vendor/facebook
- product/hhvm
- canonical/facebook hhvm