GCVE - cpe:2.3:a:facebook:folly:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:facebook:folly:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Facebook (`c319c35a-3469-5baa-b3bd-8582d1206a92`)
Product	Folly (`719cfaea-a01c-5b7b-a82f-3e2c04087f78`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/facebook/folly`	purl2cpe	2026-06-01 10:11:42.867907

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-24036`	vulnerable	2026-06-03 14:43:55.996705	Details available Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1. Published: 2021-07-23T00:30:16.000Z Updated: 2024-08-03T19:21:17.359Z Open on db.gcve.eu Reference links https://hhvm.com/blog/2021/07/20/security-update.html https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3 https://www.facebook.com/security/advisories/cve-2021-24036	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24036`	not_vulnerable	2026-06-03 14:43:55.996624	Details available Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1. Published: 2021-07-23T00:30:16.000Z Updated: 2024-08-03T19:21:17.359Z Open on db.gcve.eu Reference links https://hhvm.com/blog/2021/07/20/security-update.html https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3 https://www.facebook.com/security/advisories/cve-2021-24036	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11934`	vulnerable	2026-06-03 14:39:34.049797	Details available Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00. Published: 2019-12-04T16:25:20.000Z Updated: 2024-08-04T23:10:29.583Z Open on db.gcve.eu Reference links https://github.com/facebook/folly/commit/c321eb588909646c15aefde035fd3133ba32cdee https://www.facebook.com/security/advisories/cve-2019-11934	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-6337`	vulnerable	2026-06-03 14:39:00.155421	Details available folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00. Published: 2018-12-31T22:00:00.000Z Updated: 2025-05-06T16:39:21.216Z Open on db.gcve.eu Reference links https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html https://github.com/facebook/folly/commit/8e927ee48b114c8a2f90d0cbd5ac753795a6761f https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.