fkie_cve-2021-24025
Vulnerability from fkie_nvd
Published
2021-03-10 16:15
Modified
2024-11-21 05:52
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
References
cve-assign@fb.comhttps://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44caPatch, Third Party Advisory
cve-assign@fb.comhttps://hhvm.com/blog/2021/02/25/security-update.htmlRelease Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44caPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://hhvm.com/blog/2021/02/25/security-update.htmlRelease Notes, Third Party Advisory
Impacted products
Vendor Product Version
facebook hhvm *
facebook hhvm *
facebook hhvm *
facebook hhvm 4.94.0
facebook hhvm 4.95.0
facebook hhvm 4.96.0
facebook hhvm 4.97.0
facebook hhvm 4.98.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "069C0B7D-5233-4EFF-BBA7-8B84D9227044",
              "versionEndExcluding": "4.56.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5E6E1A7-225A-4C45-9E2D-5ED55BA3AEA3",
              "versionEndIncluding": "4.80.1",
              "versionStartIncluding": "4.57.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9470E6A8-E2CB-4C72-8FEF-5CFF04E7E3C3",
              "versionEndIncluding": "4.93.1",
              "versionStartIncluding": "4.81.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:facebook:hhvm:4.94.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4B9A3C-6A5A-45C4-A490-C13CF6D6A867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:facebook:hhvm:4.95.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18D33DC0-E6A7-4DC6-8E9A-2B85842EC21B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:facebook:hhvm:4.96.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B9078D-3C25-45B2-B5F2-59585A47BACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:facebook:hhvm:4.97.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B8F5C11-8610-4099-8A45-E6241F3D24E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:facebook:hhvm:4.98.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FF13C3-19DC-4F53-BF9D-38AC89D647D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."
    },
    {
      "lang": "es",
      "value": "Debido a c\u00e1lculos de tama\u00f1o de cadena incorrectos dentro de la funci\u00f3n preg_quote, una cadena de entrada grande pasada a la funci\u00f3n puede desencadenar un desbordamiento de enteros que conlleva a un desbordamiento de la pila.\u0026#xa0;Este problema afecta a versiones de HHVM anteriores a 4.56.3, todas las versiones entre 4.57.0 y 4.80.1, todas las versiones entre 4.81.0 y 4.93.1 y versiones 4.94.0, 4.95.0, 4.96.0, 4.97.0 , 4.98.0"
    }
  ],
  "id": "CVE-2021-24025",
  "lastModified": "2024-11-21T05:52:14.053",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-10T16:15:16.750",
  "references": [
    {
      "source": "cve-assign@fb.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
      "source": "cve-assign@fb.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://hhvm.com/blog/2021/02/25/security-update.html"
    }
  ],
  "sourceIdentifier": "cve-assign@fb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "cve-assign@fb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.