Candidate: CVE-2020-1888
PublicDate: 2020-03-03 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1888
 https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13
 https://hhvm.com/blog/2020/02/20/security-update.html
Description:
 Insufficient boundary checks when decoding JSON in handleBackslash reads
 out of bounds memory, potentially leading to DOS. This issue affects HHVM
 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between
 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0
 (inclusive), and versions prior to 4.8.7.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_hhvm:
upstream_hhvm: needs-triage
precise/esm_hhvm: DNE
trusty_hhvm: ignored (out of standard support)
trusty/esm_hhvm: DNE
xenial_hhvm: ignored (end of standard support, was needs-triage)
bionic_hhvm: needs-triage
eoan_hhvm: DNE
focal_hhvm: DNE
groovy_hhvm: DNE
hirsute_hhvm: DNE
impish_hhvm: DNE
jammy_hhvm: DNE
devel_hhvm: DNE