CVE-2020-1916 - OpenCVE

An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Facebook	Hhvm

Configuration 1 [-]

OR	cpe:2.3:a:facebook:hhvm::::::::
	cpe:2.3:a:facebook:hhvm::::::::
	cpe:2.3:a:facebook:hhvm:4.79.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.80.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.81.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.82.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.83.0:::::::*

No data.

References

Link	Providers
https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4
https://hhvm.com/blog/2020/11/12/security-update.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: facebook

Published: 2021-03-10T15:50:27

Updated: 2024-08-04T06:54:00.370Z

Reserved: 2019-12-02T00:00:00

Link: CVE-2020-1916

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-03-10T16:15:14.173

Modified: 2021-03-17T19:01:09.137

Link: CVE-2020-1916

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HHVM", "vendor": "Facebook", "versions": [{"lessThan": "unspecified", "status": "unaffected", "version": "4.83.1", "versionType": "custom"}, {"status": "affected", "version": "4.83.0"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.82.1", "versionType": "custom"}, {"status": "affected", "version": "4.82.0"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.81.1", "versionType": "custom"}, {"status": "affected", "version": "4.81.0"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.80.1", "versionType": "custom"}, {"status": "affected", "version": "4.80.0"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.79.1", "versionType": "custom"}, {"status": "affected", "version": "4.79.0"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.78.1", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.57.0", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.56.2", "versionType": "custom"}, {"lessThan": "4.56.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "dateAssigned": "2020-10-30T00:00:00", "descriptions": [{"lang": "en", "value": "An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "Heap-based Buffer Overflow (CWE-122)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-10T15:50:27", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://hhvm.com/blog/2020/11/12/security-update.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2020-10-30", "ID": "CVE-2020-1916", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HHVM", "version": {"version_data": [{"version_affected": "!>=", "version_value": "4.83.1"}, {"version_affected": "=", "version_value": "4.83.0"}, {"version_affected": "!>=", "version_value": "4.82.1"}, {"version_affected": "=", "version_value": "4.82.0"}, {"version_affected": "!>=", "version_value": "4.81.1"}, {"version_affected": "=", "version_value": "4.81.0"}, {"version_affected": "!>=", "version_value": "4.80.1"}, {"version_affected": "=", "version_value": "4.80.0"}, {"version_affected": "!>=", "version_value": "4.79.1"}, {"version_affected": "=", "version_value": "4.79.0"}, {"version_affected": "!>=", "version_value": "4.78.1"}, {"version_affected": ">=", "version_value": "4.57.0"}, {"version_affected": "!>=", "version_value": "4.56.2"}, {"version_affected": "<", "version_value": "4.56.2"}]}}]}, "vendor_name": "Facebook"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Heap-based Buffer Overflow (CWE-122)"}]}]}, "references": {"reference_data": [{"name": "https://hhvm.com/blog/2020/11/12/security-update.html", "refsource": "CONFIRM", "url": "https://hhvm.com/blog/2020/11/12/security-update.html"}, {"name": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4", "refsource": "MISC", "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:54:00.370Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://hhvm.com/blog/2020/11/12/security-update.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"}]}]}, "cveMetadata": {"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2020-1916", "datePublished": "2021-03-10T15:50:27", "dateReserved": "2019-12-02T00:00:00", "dateUpdated": "2024-08-04T06:54:00.370Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "matchCriteriaId": "6711FFC9-F4D3-438B-B596-30FCB4EAF015", "versionEndExcluding": "4.56.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "matchCriteriaId": "14D6DF29-4414-4A07-99E9-1BD568EC77A7", "versionEndExcluding": "4.78.1", "versionStartIncluding": "4.57.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.79.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C83AAFF-2886-424B-A9BD-251B3AAC790B", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.80.0:*:*:*:*:*:*:*", "matchCriteriaId": "73B27B4A-CD40-4493-BDCD-27F6ADD6C65A", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.81.0:*:*:*:*:*:*:*", "matchCriteriaId": "5BD9447B-B287-484B-A14C-787F8481EBB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.82.0:*:*:*:*:*:*:*", "matchCriteriaId": "15825F25-22B8-4863-A4E0-AD2EE66FA12C", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.83.0:*:*:*:*:*:*:*", "matchCriteriaId": "A04923E1-4DCE-4E34-8238-99BCCEEF4791", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0."}, {"lang": "es", "value": "Un c\u00e1lculo de tama\u00f1o incorrecto en la funci\u00f3n ldap_escape puede conllevar a un desbordamiento de enteros cuando es pasada una entrada demasiado larga, resultando en una escritura fuera de l\u00edmites. Este problema afecta a HHVM versiones anteriores a 4.56.2, todas las versiones entre 4.57.0 y 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0"}], "id": "CVE-2020-1916", "lastModified": "2021-03-17T19:01:09.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-10T16:15:14.173", "references": [{"source": "cve-assign@fb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/facebook/hhvm/commit/abe0b29e4d3a610f9bc920b8be4ad8403364c2d4"}, {"source": "cve-assign@fb.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://hhvm.com/blog/2020/11/12/security-update.html"}], "sourceIdentifier": "cve-assign@fb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "cve-assign@fb.com", "type": "Secondary"}]}