diff --git a/2020/1xxx/CVE-2020-1898.json b/2020/1xxx/CVE-2020-1898.json
index 35c1a95217f..e02afc609f2 100644
--- a/2020/1xxx/CVE-2020-1898.json
+++ b/2020/1xxx/CVE-2020-1898.json
@@ -1,18 +1,129 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-1898",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
\ No newline at end of file
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@fb.com",
+ "DATE_ASSIGNED": "2020-06-09",
+ "ID": "CVE-2020-1898",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Facebook",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HHVM",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "!>=",
+ "version_value": "4.62.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.62.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.61.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.61.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.60.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.60.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.59.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.59.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.58.2"
+ },
+ {
+ "version_affected": ">=",
+ "version_value": "4.58.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.57.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.57.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.56.1"
+ },
+ {
+ "version_affected": ">=",
+ "version_value": "4.33.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.32.3"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "4.32.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled Recursion (CWE-674)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://hhvm.com/blog/2020/06/30/security-update.html",
+ "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c",
+ "url": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c"
+ }
+ ]
+ }
+}
diff --git a/2020/1xxx/CVE-2020-1899.json b/2020/1xxx/CVE-2020-1899.json
index 5297688ea90..c3b510ed7a6 100644
--- a/2020/1xxx/CVE-2020-1899.json
+++ b/2020/1xxx/CVE-2020-1899.json
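Review bot: In CVE-2020-1898.json the affected-version sentence of the description is ambiguous. "between versions 4.33.0 and 4.56.0, 4.57.0, ..." runs the range straight into the list of single releases and does not say whether the endpoints are included. As I read `version_data` (`>=` 4.33.0 with `!>=` 4.56.1), 4.33.0 through 4.56.0 are affected inclusively. I would word it as `prior to v4.32.3, versions 4.33.0 through 4.56.0, and versions 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0 and 4.62.0`, so someone triaging from the text alone gets the same set as the structured data. The same sentence is repeated in the CVE-2020-1899.json and CVE-2020-1900.json hunks.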
@@ -1,18 +1,129 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-1899",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
\ No newline at end of file
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@fb.com",
+ "DATE_ASSIGNED": "2020-06-10",
+ "ID": "CVE-2020-1899",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Facebook",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HHVM",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "!>=",
+ "version_value": "4.62.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.62.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.61.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.61.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.60.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.60.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.59.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.59.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.58.2"
+ },
+ {
+ "version_affected": ">=",
+ "version_value": "4.58.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.57.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.57.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.56.1"
+ },
+ {
+ "version_affected": ">=",
+ "version_value": "4.33.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.32.3"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "4.32.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The unserialize() function supported a type code, \"S\", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Untrusted Pointer Dereference (CWE-822)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://hhvm.com/blog/2020/06/30/security-update.html",
+ "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9",
+ "url": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
+ }
+ ]
+ }
+}
diff --git a/2020/1xxx/CVE-2020-1900.json b/2020/1xxx/CVE-2020-1900.json
index 757a4f714cd..feb58b1cb4b 100644
--- a/2020/1xxx/CVE-2020-1900.json
+++ b/2020/1xxx/CVE-2020-1900.json
@@ -1,18 +1,129 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2020-1900",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
\ No newline at end of file
+ "CVE_data_meta": {
+ "ASSIGNER": "cve-assign@fb.com",
+ "DATE_ASSIGNED": "2020-06-18",
+ "ID": "CVE-2020-1900",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Facebook",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HHVM",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "!>=",
+ "version_value": "4.62.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.62.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.61.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.61.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.60.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.60.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.59.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.59.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.58.2"
+ },
+ {
+ "version_affected": ">=",
+ "version_value": "4.58.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.57.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "4.57.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.56.1"
+ },
+ {
+ "version_affected": ">=",
+ "version_value": "4.33.0"
+ },
+ {
+ "version_affected": "!>=",
+ "version_value": "4.32.3"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "4.32.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free (CWE-416)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://hhvm.com/blog/2020/06/30/security-update.html",
+ "url": "https://hhvm.com/blog/2020/06/30/security-update.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3",
+ "url": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"
+ }
+ ]
+ }
+}
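Review bot: The CVE-2020-1900.json description explains the missing pre-reservation but never names the resulting weakness. It stops at "invalidating previously stored references", and the use-after-free classification appears only in `problemtype` (CWE-416). I would end that sentence with the consequence, for example `Otherwise the array might resize, invalidating previously stored references and resulting in a use-after-free.`. Consumers that index or alert on the description text alone would then classify the record the same way as those reading the CWE field.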