Facebook HHVM 4.94.0
Approved changes feed: RSS · Atom
cpe:2.3:a:facebook:hhvm:4.94.0:*:*:*:*:*:*:*
part: a version: 4.94.0 update: *
| Vendor | Facebook (c319c35a-3469-5baa-b3bd-8582d1206a92) |
|---|---|
| Product | Hhvm (f2db6c03-3315-587d-a49f-0af5739172b6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/facebook/hhvm |
purl2cpe | 2026-06-01 10:11:42.804249 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-24025 |
vulnerable | 2026-06-03 14:43:55.973732 |
Details available
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
Published: 2021-03-10T15:50:30.000Z
Updated: 2024-08-03T19:14:10.116Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-1921 |
vulnerable | 2026-06-03 14:41:59.067942 |
Details available
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
Published: 2021-03-10T15:50:30.000Z
Updated: 2024-08-04T06:54:00.475Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-1919 |
vulnerable | 2026-06-03 14:41:59.064881 |
Details available
Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
Published: 2021-03-10T15:50:29.000Z
Updated: 2024-08-04T06:53:59.858Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-1918 |
vulnerable | 2026-06-03 14:41:59.064371 |
Details available
In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
Published: 2021-03-10T15:50:28.000Z
Updated: 2024-08-04T06:53:59.798Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-1917 |
vulnerable | 2026-06-03 14:41:59.061640 |
Details available
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
Published: 2021-03-10T15:50:28.000Z
Updated: 2024-08-04T06:53:59.921Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.