Vulnerability Description
When unserializing an object with dynamic properties, HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise, the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Facebook | Hhvm | < 4.32.3 |
Related Weaknesses (CWE)
References
- https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3 (Patch, Third Party Advisory)
- https://hhvm.com/blog/2020/06/30/security-update.html (Vendor Advisory)
FAQ
What is CVE-2020-1900?
CVE-2020-1900 is a vulnerability with a CVSS score of 9.8 (CRITICAL). When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalida...
How severe is CVE-2020-1900?
CVE-2020-1900 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-1900?
Check the references section above for vendor advisories and patch information. Affected products include: Facebook Hhvm.