CVE-2020-1899 (GCVE-0-2020-1899)
Vulnerability from cvelistv5 – Published: 2021-03-11 00:55 – Updated: 2024-08-04 06:53
VLAI?
Summary
The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
Severity ?
No CVSS data available.
CWE
- CWE-822 - Untrusted Pointer Dereference (CWE-822)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HHVM |
Unaffected:
4.62.1 , < unspecified
(custom)
Affected: 4.62.0 Unaffected: 4.61.1 , < unspecified (custom) Affected: 4.61.0 Unaffected: 4.60.1 , < unspecified (custom) Affected: 4.60.0 Unaffected: 4.59.1 , < unspecified (custom) Affected: 4.59.0 Unaffected: 4.58.2 , < unspecified (custom) Affected: 4.58.0 , < unspecified (custom) Unaffected: 4.57.1 , < unspecified (custom) Affected: 4.57.0 Unaffected: 4.56.1 , < unspecified (custom) Affected: 4.33.0 , < unspecified (custom) Unaffected: 4.32.3 , < unspecified (custom) Affected: unspecified , < 4.32.3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:53:59.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://hhvm.com/blog/2020/06/30/security-update.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HHVM",
"vendor": "Facebook",
"versions": [
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.62.1",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.62.0"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.61.1",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.61.0"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.60.1",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.60.0"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.59.1",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.59.0"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.58.2",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.58.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.57.1",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.57.0"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.56.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.32.3",
"versionType": "custom"
},
{
"lessThan": "4.32.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2020-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The unserialize() function supported a type code, \"S\", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "Untrusted Pointer Dereference (CWE-822)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-11T00:55:19",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://hhvm.com/blog/2020/06/30/security-update.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2020-06-10",
"ID": "CVE-2020-1899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!\u003e=",
"version_value": "4.62.1"
},
{
"version_affected": "=",
"version_value": "4.62.0"
},
{
"version_affected": "!\u003e=",
"version_value": "4.61.1"
},
{
"version_affected": "=",
"version_value": "4.61.0"
},
{
"version_affected": "!\u003e=",
"version_value": "4.60.1"
},
{
"version_affected": "=",
"version_value": "4.60.0"
},
{
"version_affected": "!\u003e=",
"version_value": "4.59.1"
},
{
"version_affected": "=",
"version_value": "4.59.0"
},
{
"version_affected": "!\u003e=",
"version_value": "4.58.2"
},
{
"version_affected": "\u003e=",
"version_value": "4.58.0"
},
{
"version_affected": "!\u003e=",
"version_value": "4.57.1"
},
{
"version_affected": "=",
"version_value": "4.57.0"
},
{
"version_affected": "!\u003e=",
"version_value": "4.56.1"
},
{
"version_affected": "\u003e=",
"version_value": "4.33.0"
},
{
"version_affected": "!\u003e=",
"version_value": "4.32.3"
},
{
"version_affected": "\u003c",
"version_value": "4.32.3"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The unserialize() function supported a type code, \"S\", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference (CWE-822)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hhvm.com/blog/2020/06/30/security-update.html",
"refsource": "CONFIRM",
"url": "https://hhvm.com/blog/2020/06/30/security-update.html"
},
{
"name": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9",
"refsource": "MISC",
"url": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2020-1899",
"datePublished": "2021-03-11T00:55:19",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:53:59.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.32.3\", \"matchCriteriaId\": \"D2372F3F-5757-4097-BA67-61D7597F6D65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.33.0\", \"versionEndExcluding\": \"4.56.1\", \"matchCriteriaId\": \"E83916FC-54F0-4A1B-99AD-0B81774170EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hhvm:4.57.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F80C7A6-7FD9-4EAB-8533-F5C8ABF9F258\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hhvm:4.58.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2006DF19-68B4-4139-AAAF-7F81B9742DA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hhvm:4.58.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A9D0CEF-7EC2-421B-A45D-48D9663DB60B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hhvm:4.59.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"169B4C73-75D5-46FD-BADB-384ABFB9A6C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hhvm:4.60.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A48FC296-D7B6-4B58-A386-9F5F5F6294AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hhvm:4.61.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F702D76-27C2-4798-BF3C-242906E8E697\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:facebook:hhvm:4.62.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC078675-9A81-4B74-8818-0FFE9AF66296\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The unserialize() function supported a type code, \\\"S\\\", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n unserialize() admit\\u00eda un c\\u00f3digo de tipo, \\\"S\\\", que estaba destinado a ser admitido solo para la serializaci\\u00f3n APC.\u0026#xa0;Este c\\u00f3digo de tipo permit\\u00eda acceder a direcciones de memoria arbitrarias como si fueran objetos StringData est\\u00e1ticos.\u0026#xa0;Este problema afect\\u00f3 a HHVM versiones anteriores a v4.32.3, entre las versiones 4.33.0 y 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0\"}]",
"id": "CVE-2020-1899",
"lastModified": "2024-11-21T05:11:34.420",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-03-11T01:15:14.333",
"references": "[{\"url\": \"https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9\", \"source\": \"cve-assign@fb.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://hhvm.com/blog/2020/06/30/security-update.html\", \"source\": \"cve-assign@fb.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://hhvm.com/blog/2020/06/30/security-update.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cve-assign@fb.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-822\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-1899\",\"sourceIdentifier\":\"cve-assign@fb.com\",\"published\":\"2021-03-11T01:15:14.333\",\"lastModified\":\"2024-11-21T05:11:34.420\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The unserialize() function supported a type code, \\\"S\\\", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n unserialize() admit\u00eda un c\u00f3digo de tipo, \\\"S\\\", que estaba destinado a ser admitido solo para la serializaci\u00f3n APC.\u0026#xa0;Este c\u00f3digo de tipo permit\u00eda acceder a direcciones de memoria arbitrarias como si fueran objetos StringData est\u00e1ticos.\u0026#xa0;Este problema afect\u00f3 a HHVM versiones anteriores a v4.32.3, entre las versiones 4.33.0 y 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve-assign@fb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-822\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.32.3\",\"matchCriteriaId\":\"D2372F3F-5757-4097-BA67-61D7597F6D65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.33.0\",\"versionEndExcluding\":\"4.56.1\",\"matchCriteriaId\":\"E83916FC-54F0-4A1B-99AD-0B81774170EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hhvm:4.57.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F80C7A6-7FD9-4EAB-8533-F5C8ABF9F258\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hhvm:4.58.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2006DF19-68B4-4139-AAAF-7F81B9742DA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hhvm:4.58.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A9D0CEF-7EC2-421B-A45D-48D9663DB60B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hhvm:4.59.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"169B4C73-75D5-46FD-BADB-384ABFB9A6C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hhvm:4.60.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A48FC296-D7B6-4B58-A386-9F5F5F6294AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hhvm:4.61.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F702D76-27C2-4798-BF3C-242906E8E697\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:hhvm:4.62.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC078675-9A81-4B74-8818-0FFE9AF66296\"}]}]}],\"references\":[{\"url\":\"https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hhvm.com/blog/2020/06/30/security-update.html\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hhvm.com/blog/2020/06/30/security-update.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…