CVE-2020-1916
10.03.2021, 16:15
An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.Enginsight
| Vendor | Product | Version |
|---|---|---|
| hhvm | 𝑥 < 4.56.2 | |
| hhvm | 4.57.0 ≤ 𝑥 < 4.78.1 | |
| hhvm | 4.79.0 | |
| hhvm | 4.80.0 | |
| hhvm | 4.81.0 | |
| hhvm | 4.82.0 | |
| hhvm | 4.83.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.