admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Publish some HHVM CVEs

Browse Source
This commit is contained in:
Neal Poole 2021-03-10 10:43:53 -05:00
parent 84101babda
commit a443a7c360
No known key found for this signature in database
GPG Key ID: 38BDE4230244F384
6 changed files with 760 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
2020/1xxx/CVE-2020-1916.json
View File

@ -1,18 +1,121 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1916",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2020-10-30",
"ID": "CVE-2020-1916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_value": "4.83.1"
},
{
"version_affected": "=",
"version_value": "4.83.0"
},
{
"version_affected": "!>=",
"version_value": "4.82.1"
},
{
"version_affected": "=",
"version_value": "4.82.0"
},
{
"version_affected": "!>=",
"version_value": "4.81.1"
},
{
"version_affected": "=",
"version_value": "4.81.0"
},
{
"version_affected": "!>=",
"version_value": "4.80.1"
},
{
"version_affected": "=",
"version_value": "4.80.0"
},
{
"version_affected": "!>=",
"version_value": "4.79.1"
},
{
"version_affected": "=",
"version_value": "4.79.0"
},
{
"version_affected": "!>=",
"version_value": "4.78.1"
},
{
"version_affected": ">=",
"version_value": "4.57.0"
},
{
"version_affected": "!>=",
"version_value": "4.56.2"
},
{
"version_affected": "<",
"version_value": "4.56.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://hhvm.com/blog/2020/11/12/security-update.html",
"url": "https://hhvm.com/blog/2020/11/12/security-update.html"
},
{
"refsource": "MISC",
"name": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4",
"url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"
}
]
}
}

145
2020/1xxx/CVE-2020-1917.json
View File

@ -1,18 +1,129 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1917",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2020-11-11",
"ID": "CVE-2020-1917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_value": "4.98.1"
},
{
"version_affected": "=",
"version_value": "4.98.0"
},
{
"version_affected": "!>=",
"version_value": "4.97.1"
},
{
"version_affected": "=",
"version_value": "4.97.0"
},
{
"version_affected": "!>=",
"version_value": "4.96.1"
},
{
"version_affected": "=",
"version_value": "4.96.0"
},
{
"version_affected": "!>=",
"version_value": "4.95.1"
},
{
"version_affected": "=",
"version_value": "4.95.0"
},
{
"version_affected": "!>=",
"version_value": "4.94.1"
},
{
"version_affected": "=",
"version_value": "4.94.0"
},
{
"version_affected": "!>=",
"version_value": "4.93.2"
},
{
"version_affected": ">=",
"version_value": "4.81.0"
},
{
"version_affected": "!>=",
"version_value": "4.80.2"
},
{
"version_affected": ">=",
"version_value": "4.57.0"
},
{
"version_affected": "!>=",
"version_value": "4.56.3"
},
{
"version_affected": "<",
"version_value": "4.56.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hhvm.com/blog/2021/02/25/security-update.html",
"url": "https://hhvm.com/blog/2021/02/25/security-update.html"
},
{
"refsource": "MISC",
"name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
"url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
}
]
}
}

145
2020/1xxx/CVE-2020-1918.json
View File

@ -1,18 +1,129 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2020-11-15",
"ID": "CVE-2020-1918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_value": "4.98.1"
},
{
"version_affected": "=",
"version_value": "4.98.0"
},
{
"version_affected": "!>=",
"version_value": "4.97.1"
},
{
"version_affected": "=",
"version_value": "4.97.0"
},
{
"version_affected": "!>=",
"version_value": "4.96.1"
},
{
"version_affected": "=",
"version_value": "4.96.0"
},
{
"version_affected": "!>=",
"version_value": "4.95.1"
},
{
"version_affected": "=",
"version_value": "4.95.0"
},
{
"version_affected": "!>=",
"version_value": "4.94.1"
},
{
"version_affected": "=",
"version_value": "4.94.0"
},
{
"version_affected": "!>=",
"version_value": "4.93.2"
},
{
"version_affected": ">=",
"version_value": "4.81.0"
},
{
"version_affected": "!>=",
"version_value": "4.80.2"
},
{
"version_affected": ">=",
"version_value": "4.57.0"
},
{
"version_affected": "!>=",
"version_value": "4.56.3"
},
{
"version_affected": "<",
"version_value": "4.56.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Under-read (CWE-127)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hhvm.com/blog/2021/02/25/security-update.html",
"url": "https://hhvm.com/blog/2021/02/25/security-update.html"
},
{
"refsource": "MISC",
"name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
"url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
}
]
}
}

145
2020/1xxx/CVE-2020-1919.json
View File

@ -1,18 +1,129 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1919",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2020-12-11",
"ID": "CVE-2020-1919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_value": "4.98.1"
},
{
"version_affected": "=",
"version_value": "4.98.0"
},
{
"version_affected": "!>=",
"version_value": "4.97.1"
},
{
"version_affected": "=",
"version_value": "4.97.0"
},
{
"version_affected": "!>=",
"version_value": "4.96.1"
},
{
"version_affected": "=",
"version_value": "4.96.0"
},
{
"version_affected": "!>=",
"version_value": "4.95.1"
},
{
"version_affected": "=",
"version_value": "4.95.0"
},
{
"version_affected": "!>=",
"version_value": "4.94.1"
},
{
"version_affected": "=",
"version_value": "4.94.0"
},
{
"version_affected": "!>=",
"version_value": "4.93.2"
},
{
"version_affected": ">=",
"version_value": "4.81.0"
},
{
"version_affected": "!>=",
"version_value": "4.80.2"
},
{
"version_affected": ">=",
"version_value": "4.57.0"
},
{
"version_affected": "!>=",
"version_value": "4.56.3"
},
{
"version_affected": "<",
"version_value": "4.56.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hhvm.com/blog/2021/02/25/security-update.html",
"url": "https://hhvm.com/blog/2021/02/25/security-update.html"
},
{
"refsource": "MISC",
"name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
"url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
}
]
}
}

145
2020/1xxx/CVE-2020-1921.json
View File

@ -1,18 +1,129 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2020-12-14",
"ID": "CVE-2020-1921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_value": "4.98.1"
},
{
"version_affected": "=",
"version_value": "4.98.0"
},
{
"version_affected": "!>=",
"version_value": "4.97.1"
},
{
"version_affected": "=",
"version_value": "4.97.0"
},
{
"version_affected": "!>=",
"version_value": "4.96.1"
},
{
"version_affected": "=",
"version_value": "4.96.0"
},
{
"version_affected": "!>=",
"version_value": "4.95.1"
},
{
"version_affected": "=",
"version_value": "4.95.0"
},
{
"version_affected": "!>=",
"version_value": "4.94.1"
},
{
"version_affected": "=",
"version_value": "4.94.0"
},
{
"version_affected": "!>=",
"version_value": "4.93.2"
},
{
"version_affected": ">=",
"version_value": "4.81.0"
},
{
"version_affected": "!>=",
"version_value": "4.80.2"
},
{
"version_affected": ">=",
"version_value": "4.57.0"
},
{
"version_affected": "!>=",
"version_value": "4.56.3"
},
{
"version_affected": "<",
"version_value": "4.56.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hhvm.com/blog/2021/02/25/security-update.html",
"url": "https://hhvm.com/blog/2021/02/25/security-update.html"
},
{
"refsource": "MISC",
"name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
"url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
}
]
}
}

145
2021/24xxx/CVE-2021-24025.json
View File

@ -1,18 +1,129 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-24025",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-01-27",
"ID": "CVE-2021-24025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Facebook",
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!>=",
"version_value": "4.98.1"
},
{
"version_affected": "=",
"version_value": "4.98.0"
},
{
"version_affected": "!>=",
"version_value": "4.97.1"
},
{
"version_affected": "=",
"version_value": "4.97.0"
},
{
"version_affected": "!>=",
"version_value": "4.96.1"
},
{
"version_affected": "=",
"version_value": "4.96.0"
},
{
"version_affected": "!>=",
"version_value": "4.95.1"
},
{
"version_affected": "=",
"version_value": "4.95.0"
},
{
"version_affected": "!>=",
"version_value": "4.94.1"
},
{
"version_affected": "=",
"version_value": "4.94.0"
},
{
"version_affected": "!>=",
"version_value": "4.93.2"
},
{
"version_affected": ">=",
"version_value": "4.81.0"
},
{
"version_affected": "!>=",
"version_value": "4.80.2"
},
{
"version_affected": ">=",
"version_value": "4.57.0"
},
{
"version_affected": "!>=",
"version_value": "4.56.3"
},
{
"version_affected": "<",
"version_value": "4.56.3"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://hhvm.com/blog/2021/02/25/security-update.html",
"url": "https://hhvm.com/blog/2021/02/25/security-update.html"
},
{
"refsource": "MISC",
"name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
"url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
}
]
}
}