Vulnerabilities > Facebook > Hhvm > 3.28.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-10 | CVE-2020-1917 | Out-of-bounds Write vulnerability in Facebook Hhvm xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. | 9.8 |
| 2021-03-10 | CVE-2020-1916 | Out-of-bounds Write vulnerability in Facebook Hhvm An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. | 9.8 |
| 2020-03-03 | CVE-2020-1893 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. | 7.5 |
| 2020-03-03 | CVE-2020-1892 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. | 8.1 |
| 2020-03-03 | CVE-2020-1888 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. | 7.5 |
| 2019-12-04 | CVE-2019-11936 | Unspecified vulnerability in Facebook Hhvm Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. | 9.8 |
| 2019-12-04 | CVE-2019-11935 | Classic Buffer Overflow vulnerability in Facebook Hhvm Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. | 9.8 |
| 2019-12-04 | CVE-2019-11930 | Release of Invalid Pointer or Reference vulnerability in Facebook Hhvm An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. | 9.8 |
| 2019-10-02 | CVE-2019-11929 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. | 9.8 |
| 2019-09-06 | CVE-2019-11926 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. | 9.8 |