cbcvebase.
CVE-2020-1893
published 2020-03-03

CVE-2020-1893: Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0…

PriorityP338high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.15%
62.8th percentile
Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.

Affected

23 ranges
VendorProductVersion rangeFixed in
facebookhhvm< 4.8.74.8.7
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm
facebookhhvm>= 4.33.0 < unspecifiedunspecified
facebookhhvm4.33.0 – 4.38.0
facebookhhvm>= 4.9.0 < unspecifiedunspecified
facebookhhvm4.9.0 – 4.32.0
facebookhhvmunspecified – 4.8.6

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.