cbcvebase.
CVE-2020-1892
published 2020-03-03

CVE-2020-1892: Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS…

PriorityP338high8.1CVSS 3.1
AVNACLPRNUIRSUCHINAH
EPSS
1.09%
61.4th percentile
Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.

Affected

23 ranges
VendorProductVersion rangeFixed in
facebookhhvm< 4.8.74.8.7
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm>= 4.33.0 < unspecifiedunspecified
facebookhhvm4.33.0 – 4.38.0
facebookhhvm>= 4.9.0 < unspecifiedunspecified
facebookhhvm4.9.0 – 4.32.0
facebookhhvmunspecified – 4.8.6

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:P
osv8.1HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.