Candidate: CVE-2020-1892
PublicDate: 2020-03-03 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1892
 https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d
 https://hhvm.com/blog/2020/02/20/security-update.html
Description:
 Insufficient boundary checks when decoding JSON in JSON_parser allows read
 access to out of bounds memory, potentially leading to information leak and
 DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0,
 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions
 between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H [8.1 HIGH]


Patches_hhvm:
upstream_hhvm: needs-triage
precise/esm_hhvm: DNE
trusty_hhvm: ignored (out of standard support)
trusty/esm_hhvm: DNE
xenial_hhvm: ignored (end of standard support, was needs-triage)
bionic_hhvm: needs-triage
eoan_hhvm: DNE
focal_hhvm: DNE
groovy_hhvm: DNE
hirsute_hhvm: DNE
impish_hhvm: DNE
jammy_hhvm: DNE
devel_hhvm: DNE