CVE-2020-1899
11.03.2021, 01:15
The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
| Vendor | Product | Version |
|---|---|---|
| hhvm | 𝑥 < 4.32.3 | |
| hhvm | 4.33.0 ≤ 𝑥 < 4.56.1 | |
| hhvm | 4.57.0 | |
| hhvm | 4.58.0 | |
| hhvm | 4.58.1 | |
| hhvm | 4.59.0 | |
| hhvm | 4.60.0 | |
| hhvm | 4.61.0 | |
| hhvm | 4.62.0 | |

𝑥 = vulnerable software versions

Common Weakness Enumeration
- CWE-822 - Untrusted Pointer Dereference: The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.