CVE-2020-1916: Integer Overflow
First published: Wed Mar 10 2021(Updated: )
An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook HHVM | <4.56.2 | |
| Facebook HHVM | >=4.57.0<4.78.1 | |
| Facebook HHVM | =4.79.0 | |
| Facebook HHVM | =4.80.0 | |
| Facebook HHVM | =4.81.0 | |
| Facebook HHVM | =4.82.0 | |
| Facebook HHVM | =4.83.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2020-1916.
What is the severity rating of CVE-2020-1916?
CVE-2020-1916 has a severity rating of 9.8 (critical).
Which software versions are affected by CVE-2020-1916?
CVE-2020-1916 affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.
What is the impact of CVE-2020-1916?
CVE-2020-1916 can lead to an integer overflow and result in an out-of-bounds write.
How can CVE-2020-1916 be fixed?
To fix CVE-2020-1916, update HHVM to version 4.78.1 or later.
- collector/nvd-index
- vendor/facebook
- canonical/facebook hhvm
- version/facebook hhvm/4.57.0
- version/facebook hhvm/4.79.0
- version/facebook hhvm/4.80.0
- version/facebook hhvm/4.81.0
- version/facebook hhvm/4.82.0
- version/facebook hhvm/4.83.0