Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-1917

Опубликовано: 10 мар. 2021
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*
Версия до 4.56.3 (исключая)
cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*
Версия от 4.57.0 (включая) до 4.80.2 (исключая)
cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*
Версия от 4.81.0 (включая) до 4.93.2 (исключая)
cpe:2.3:a:facebook:hhvm:4.94.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.95.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.96.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.97.0:*:*:*:*:*:*:*
cpe:2.3:a:facebook:hhvm:4.98.0:*:*:*:*:*:*:*

EPSS

Процентиль: 73%
0.00746
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-122
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2020-1917

CVSS3: 9.8
ubuntu
почти 5 лет назад

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.

debian логотип

CVE-2020-1917

CVSS3: 9.8
debian
почти 5 лет назад

xbuf_format_converter, used as part of exif_read_data, was appending a ...

github логотип

GHSA-gf82-22g8-prc5

CVSS3: 9.8
github
больше 3 лет назад

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.

EPSS

Процентиль: 73%
0.00746
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-122
CWE-787