Facebook HHVM 4.79.0

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:facebook:hhvm:4.79.0:*:*:*:*:*:*:*

part: a version: 4.79.0 update: *

VendorFacebook (c319c35a-3469-5baa-b3bd-8582d1206a92)
ProductHhvm (f2db6c03-3315-587d-a49f-0af5739172b6)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/facebook/hhvm purl2cpe 2026-06-01 10:11:42.804195

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-1916 vulnerable 2026-06-03 14:41:59.057678 Details available
An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.
Published: 2021-03-10T15:50:27.000Z
Updated: 2024-08-04T06:54:00.370Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-3556 vulnerable 2026-06-03 14:40:26.566943 Details available
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.
Published: 2021-10-26T20:05:10.000Z
Updated: 2024-08-04T19:12:09.554Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.