CVE-2021-24025 - OpenCVE

Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Facebook	Hhvm

Configuration 1 [-]

OR	cpe:2.3:a:facebook:hhvm::::::::
	cpe:2.3:a:facebook:hhvm::::::::
	cpe:2.3:a:facebook:hhvm::::::::
	cpe:2.3:a:facebook:hhvm:4.94.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.95.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.96.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.97.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.98.0:::::::*

No data.

References

Link	Providers
https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca
https://hhvm.com/blog/2021/02/25/security-update.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: facebook

Published: 2021-03-10T15:50:30

Updated: 2024-08-03T19:14:10.116Z

Reserved: 2021-01-13T00:00:00

Link: CVE-2021-24025

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-03-10T16:15:16.750

Modified: 2021-03-16T12:45:19.033

Link: CVE-2021-24025

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HHVM", "vendor": "Facebook", "versions": [{"lessThan": "unspecified", "status": "unaffected", "version": "4.98.1", "versionType": "custom"}, {"status": "affected", "version": "4.98.0"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.97.1", "versionType": "custom"}, {"status": "affected", "version": "4.97.0"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.96.1", "versionType": "custom"}, {"status": "affected", "version": "4.96.0"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.95.1", "versionType": "custom"}, {"status": "affected", "version": "4.95.0"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.94.1", "versionType": "custom"}, {"status": "affected", "version": "4.94.0"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.93.2", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.81.0", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.80.2", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.57.0", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unaffected", "version": "4.56.3", "versionType": "custom"}, {"lessThan": "4.56.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "dateAssigned": "2021-01-27T00:00:00", "descriptions": [{"lang": "en", "value": "Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "Heap-based Buffer Overflow (CWE-122)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-10T15:50:30", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hhvm.com/blog/2021/02/25/security-update.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2021-01-27", "ID": "CVE-2021-24025", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HHVM", "version": {"version_data": [{"version_affected": "!>=", "version_value": "4.98.1"}, {"version_affected": "=", "version_value": "4.98.0"}, {"version_affected": "!>=", "version_value": "4.97.1"}, {"version_affected": "=", "version_value": "4.97.0"}, {"version_affected": "!>=", "version_value": "4.96.1"}, {"version_affected": "=", "version_value": "4.96.0"}, {"version_affected": "!>=", "version_value": "4.95.1"}, {"version_affected": "=", "version_value": "4.95.0"}, {"version_affected": "!>=", "version_value": "4.94.1"}, {"version_affected": "=", "version_value": "4.94.0"}, {"version_affected": "!>=", "version_value": "4.93.2"}, {"version_affected": ">=", "version_value": "4.81.0"}, {"version_affected": "!>=", "version_value": "4.80.2"}, {"version_affected": ">=", "version_value": "4.57.0"}, {"version_affected": "!>=", "version_value": "4.56.3"}, {"version_affected": "<", "version_value": "4.56.3"}]}}]}, "vendor_name": "Facebook"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Heap-based Buffer Overflow (CWE-122)"}]}]}, "references": {"reference_data": [{"name": "https://hhvm.com/blog/2021/02/25/security-update.html", "refsource": "MISC", "url": "https://hhvm.com/blog/2021/02/25/security-update.html"}, {"name": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca", "refsource": "MISC", "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:14:10.116Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hhvm.com/blog/2021/02/25/security-update.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"}]}]}, "cveMetadata": {"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2021-24025", "datePublished": "2021-03-10T15:50:30", "dateReserved": "2021-01-13T00:00:00", "dateUpdated": "2024-08-03T19:14:10.116Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "matchCriteriaId": "069C0B7D-5233-4EFF-BBA7-8B84D9227044", "versionEndExcluding": "4.56.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5E6E1A7-225A-4C45-9E2D-5ED55BA3AEA3", "versionEndIncluding": "4.80.1", "versionStartIncluding": "4.57.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "matchCriteriaId": "9470E6A8-E2CB-4C72-8FEF-5CFF04E7E3C3", "versionEndIncluding": "4.93.1", "versionStartIncluding": "4.81.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.94.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C4B9A3C-6A5A-45C4-A490-C13CF6D6A867", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.95.0:*:*:*:*:*:*:*", "matchCriteriaId": "18D33DC0-E6A7-4DC6-8E9A-2B85842EC21B", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.96.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0B9078D-3C25-45B2-B5F2-59585A47BACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.97.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B8F5C11-8610-4099-8A45-E6241F3D24E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.98.0:*:*:*:*:*:*:*", "matchCriteriaId": "47FF13C3-19DC-4F53-BF9D-38AC89D647D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."}, {"lang": "es", "value": "Debido a c\u00e1lculos de tama\u00f1o de cadena incorrectos dentro de la funci\u00f3n preg_quote, una cadena de entrada grande pasada a la funci\u00f3n puede desencadenar un desbordamiento de enteros que conlleva a un desbordamiento de la pila. Este problema afecta a versiones de HHVM anteriores a 4.56.3, todas las versiones entre 4.57.0 y 4.80.1, todas las versiones entre 4.81.0 y 4.93.1 y versiones 4.94.0, 4.95.0, 4.96.0, 4.97.0 , 4.98.0"}], "id": "CVE-2021-24025", "lastModified": "2021-03-16T12:45:19.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-10T16:15:16.750", "references": [{"source": "cve-assign@fb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"}, {"source": "cve-assign@fb.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://hhvm.com/blog/2021/02/25/security-update.html"}], "sourceIdentifier": "cve-assign@fb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "cve-assign@fb.com", "type": "Secondary"}]}