Candidate: CVE-2020-1919
PublicDate: 2021-03-10 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1919
 https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca
 https://hhvm.com/blog/2021/02/25/security-update.html
Description:
 Incorrect bounds calculations in substr_compare could lead to an
 out-of-bounds read when the second string argument passed in is longer than
 the first. This issue affects HHVM versions prior to 4.56.3, all versions
 between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and
 versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_hhvm:
upstream_hhvm: needs-triage
precise/esm_hhvm: DNE
trusty_hhvm: ignored (out of standard support)
trusty/esm_hhvm: DNE
xenial_hhvm: ignored (end of standard support, was needs-triage)
bionic_hhvm: needs-triage
focal_hhvm: DNE
groovy_hhvm: DNE
hirsute_hhvm: DNE
impish_hhvm: DNE
jammy_hhvm: DNE
devel_hhvm: DNE