Vulnerability Description
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Folly | < 2021.07.22.00 | |
| Hhvm | < 4.80.5 |
Related Weaknesses (CWE)
References
- https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7dPatchThird Party Advisory
- https://hhvm.com/blog/2021/07/20/security-update.htmlProductVendor Advisory
- https://www.facebook.com/security/advisories/cve-2021-24036Vendor Advisory
- https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7dPatchThird Party Advisory
- https://hhvm.com/blog/2021/07/20/security-update.htmlProductVendor Advisory
- https://www.facebook.com/security/advisories/cve-2021-24036Vendor Advisory
FAQ
What is CVE-2021-24036?
CVE-2021-24036 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects...
How severe is CVE-2021-24036?
CVE-2021-24036 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-24036?
Check the references section above for vendor advisories and patch information. Affected products include: Facebook Folly, Facebook Hhvm.