Adding CVE-2021-24036

2025-07-29 05:56:59 +00:00 · 2021-07-22 17:23:05 -07:00 · 2021-07-22 17:23:05 -07:00 · e73eef2c09
commit e73eef2c09
parent b52f756f9e
1 changed files with 152 additions and 17 deletions
--- a/2021/24xxx/CVE-2021-24036.json
+++ b/2021/24xxx/CVE-2021-24036.json
@ -1,18 +1,153 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-24036",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta": {
+		"ASSIGNER": "cve-assign@fb.com",
+		"DATE_ASSIGNED": "2021-05-04",
+		"ID": "CVE-2021-24036",
+		"STATE": "PUBLIC"
+	},
+	"affects": {
+		"vendor": {
+			"vendor_data": [
+				{
+					"vendor_name": "Facebook",
+					"product": {
+						"product_data": [
+							{
+								"product_name": "folly",
+								"version": {
+									"version_data": [
+										{
+											"version_affected": "!>=",
+											"version_value": "v2021.07.22.00"
+										},
+										{
+											"version_affected": "<",
+											"version_value": "v2021.07.22.00"
+										}
+									]
+								}
+							},
+							{
+								"product_name": "HHVM",
+								"version": {
+									"version_data": [
+										{
+											"version_affected": "!>=",
+											"version_value": "4.118.2"
+										},
+										{
+											"version_affected": ">=",
+											"version_value": "4.118.0"
+										},
+										{
+											"version_affected": "!>=",
+											"version_value": "4.117.1"
+										},
+										{
+											"version_affected": "=",
+											"version_value": "4.117.0"
+										},
+										{
+											"version_affected": "!>=",
+											"version_value": "4.116.1"
+										},
+										{
+											"version_affected": "=",
+											"version_value": "4.116.0"
+										},
+										{
+											"version_affected": "!>=",
+											"version_value": "4.115.1"
+										},
+										{
+											"version_affected": "=",
+											"version_value": "4.115.0"
+										},
+										{
+											"version_affected": "!>=",
+											"version_value": "4.114.1"
+										},
+										{
+											"version_affected": "=",
+											"version_value": "4.114.0"
+										},
+										{
+											"version_affected": "!>=",
+											"version_value": "4.113.1"
+										},
+										{
+											"version_affected": "=",
+											"version_value": "4.113.0"
+										},
+										{
+											"version_affected": "!>=",
+											"version_value": "4.102.2"
+										},
+										{
+											"version_affected": ">=",
+											"version_value": "4.102.0"
+										},
+										{
+											"version_affected": ">=",
+											"version_value": "4.81.0"
+										},
+										{
+											"version_affected": "!>=",
+											"version_value": "4.80.5"
+										},
+										{
+											"version_affected": "<",
+											"version_value": "4.80.5"
+										}
+									]
+								}
+							}
+						]
+					}
+				}
+			]
+		}
+	},
+	"data_format": "MITRE",
+	"data_type": "CVE",
+	"data_version": "4.0",
+	"description": {
+		"description_data": [
+			{
+				"lang": "eng",
+				"value": "Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1."
+			}
+		]
+	},
+	"problemtype": {
+		"problemtype_data": [
+			{
+				"description": [
+					{
+						"lang": "eng",
+						"value": "Heap-based Buffer Overflow (CWE-122)"
+					}
+				]
+			}
+		]
+	},
+	"references": {
+		"reference_data": [
+			{
+				"refsource": "CONFIRM",
+				"name": "https://hhvm.com/blog/2021/07/20/security-update.html",
+				"url": "https://hhvm.com/blog/2021/07/20/security-update.html"
+			},
+			{
+				"refsource": "MISC",
+				"name": "https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3",
+				"url": "https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3"
+			},
+			{
+				"refsource": "CONFIRM",
+				"name": "https://www.facebook.com/security/advisories/cve-2021-24036",
+				"url": "https://www.facebook.com/security/advisories/cve-2021-24036"
+			}
+		]
+	}
+}