Candidate: CVE-2021-24036
PublicDate: 2021-07-23 01:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24036
 https://hhvm.com/blog/2021/07/20/security-update.html
 https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3
 https://www.facebook.com/security/advisories/cve-2021-24036
Description:
 Passing an attacker controlled size when creating an IOBuf could cause
 integer overflow, leading to an out of bounds write on the heap with the
 possibility of remote code execution. This issue affects versions of folly
 prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5,
 all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and
 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and
 4.118.1.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_hhvm:
upstream_hhvm: needs-triage
trusty_hhvm: ignored (out of standard support)
trusty/esm_hhvm: DNE
xenial_hhvm: ignored (out of standard support)
bionic_hhvm: needs-triage
focal_hhvm: DNE
hirsute_hhvm: DNE
impish_hhvm: DNE
jammy_hhvm: DNE
devel_hhvm: DNE