mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-08 03:27:03 +00:00
Auto-merge PR#1032
Auto-merge PR#1032
This commit is contained in:
CVE Team
GitHub
commit
d9113afbf7
@ -1,18 +1,129 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-1898",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve-assign@fb.com",
|
||||
"DATE_ASSIGNED": "2020-06-09",
|
||||
"ID": "CVE-2020-1898",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Facebook",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "HHVM",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.62.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.62.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.61.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.61.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.60.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.60.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.59.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.59.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.58.2"
|
||||
},
|
||||
{
|
||||
"version_affected": ">=",
|
||||
"version_value": "4.58.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.57.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.57.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.56.1"
|
||||
},
|
||||
{
|
||||
"version_affected": ">=",
|
||||
"version_value": "4.33.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.32.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "4.32.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Uncontrolled Recursion (CWE-674)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://hhvm.com/blog/2020/06/30/security-update.html",
|
||||
"url": "https://hhvm.com/blog/2020/06/30/security-update.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c",
|
||||
"url": "https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,18 +1,129 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-1899",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve-assign@fb.com",
|
||||
"DATE_ASSIGNED": "2020-06-10",
|
||||
"ID": "CVE-2020-1899",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Facebook",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "HHVM",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.62.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.62.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.61.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.61.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.60.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.60.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.59.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.59.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.58.2"
|
||||
},
|
||||
{
|
||||
"version_affected": ">=",
|
||||
"version_value": "4.58.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.57.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.57.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.56.1"
|
||||
},
|
||||
{
|
||||
"version_affected": ">=",
|
||||
"version_value": "4.33.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.32.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "4.32.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The unserialize() function supported a type code, \"S\", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Untrusted Pointer Dereference (CWE-822)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://hhvm.com/blog/2020/06/30/security-update.html",
|
||||
"url": "https://hhvm.com/blog/2020/06/30/security-update.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9",
|
||||
"url": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,18 +1,129 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2020-1900",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve-assign@fb.com",
|
||||
"DATE_ASSIGNED": "2020-06-18",
|
||||
"ID": "CVE-2020-1900",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Facebook",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "HHVM",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.62.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.62.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.61.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.61.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.60.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.60.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.59.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.59.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.58.2"
|
||||
},
|
||||
{
|
||||
"version_affected": ">=",
|
||||
"version_value": "4.58.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.57.1"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "4.57.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.56.1"
|
||||
},
|
||||
{
|
||||
"version_affected": ">=",
|
||||
"version_value": "4.33.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "!>=",
|
||||
"version_value": "4.32.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_value": "4.32.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Use After Free (CWE-416)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://hhvm.com/blog/2020/06/30/security-update.html",
|
||||
"url": "https://hhvm.com/blog/2020/06/30/security-update.html"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3",
|
||||
"url": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user