nvd-json-data-feeds/CVE-2021/CVE-2021-240xx/CVE-2021-24025.json

{
  "id": "CVE-2021-24025",
  "sourceIdentifier": "cve-assign@fb.com",
  "published": "2021-03-10T16:15:16.750",
  "lastModified": "2021-03-16T12:45:19.033",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
    },
    {
      "lang": "es",
      "value": "Debido a c\u00e1lculos de tama\u00f1o de cadena incorrectos dentro de la funci\u00f3n preg_quote, una cadena de entrada grande pasada a la funci\u00f3n puede desencadenar un desbordamiento de enteros que conlleva a un desbordamiento de la pila.&#xa0;Este problema afecta a versiones de HHVM anteriores a 4.56.3, todas las versiones entre 4.57.0 y 4.80.1, todas las versiones entre 4.81.0 y 4.93.1 y versiones 4.94.0, 4.95.0, 4.96.0, 4.97.0 , 4.98.0"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ]
    },
    {
      "source": "cve-assign@fb.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "4.56.3",
              "matchCriteriaId": "069C0B7D-5233-4EFF-BBA7-8B84D9227044"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "4.57.0",
              "versionEndIncluding": "4.80.1",
              "matchCriteriaId": "F5E6E1A7-225A-4C45-9E2D-5ED55BA3AEA3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "4.81.0",
              "versionEndIncluding": "4.93.1",
              "matchCriteriaId": "9470E6A8-E2CB-4C72-8FEF-5CFF04E7E3C3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:facebook:hhvm:4.94.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4B9A3C-6A5A-45C4-A490-C13CF6D6A867"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:facebook:hhvm:4.95.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18D33DC0-E6A7-4DC6-8E9A-2B85842EC21B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:facebook:hhvm:4.96.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B9078D-3C25-45B2-B5F2-59585A47BACB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:facebook:hhvm:4.97.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B8F5C11-8610-4099-8A45-E6241F3D24E0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:facebook:hhvm:4.98.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FF13C3-19DC-4F53-BF9D-38AC89D647D5"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca",
      "source": "cve-assign@fb.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://hhvm.com/blog/2021/02/25/security-update.html",
      "source": "cve-assign@fb.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ]
    }
  ]
}