{ "CVE_data_meta": { "ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2020-02-20", "ID": "CVE-2020-1892", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "HHVM", "version": { "version_data": [ { "version_affected": "!=>", "version_value": "4.45.1" }, { "version_affected": "=", "version_value": "4.45.0" }, { "version_affected": "!=>", "version_value": "4.44.1" }, { "version_affected": "=", "version_value": "4.44.0" }, { "version_affected": "!=>", "version_value": "4.43.1" }, { "version_affected": "=", "version_value": "4.43.0" }, { "version_affected": "!=>", "version_value": "4.42.1" }, { "version_affected": "=", "version_value": "4.42.0" }, { "version_affected": "!=>", "version_value": "4.41.1" }, { "version_affected": "=", "version_value": "4.41.0" }, { "version_affected": "!=>", "version_value": "4.40.1" }, { "version_affected": "=", "version_value": "4.40.0" }, { "version_affected": "!=>", "version_value": "4.39.1" }, { "version_affected": "=", "version_value": "4.39.0" }, { "version_affected": "!=>", "version_value": "4.38.1" }, { "version_affected": ">=", "version_value": "4.33.0" }, { "version_affected": "!=>", "version_value": "4.32.1" }, { "version_affected": ">=", "version_value": "4.9.0" }, { "version_affected": "!=>", "version_value": "4.8.7" }, { "version_affected": "<=", "version_value": "4.8.6" } ] } } ] }, "vendor_name": "Facebook" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out-of-bounds Read (CWE-125)" } ] } ] }, "references": { "reference_data": [ { "refsource": "CONFIRM", "name": "https://hhvm.com/blog/2020/02/20/security-update.html", "url": "https://hhvm.com/blog/2020/02/20/security-update.html" }, { "refsource": "CONFIRM", "name": "https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d", "url": "https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d" } ] } }