Filtered by vendor Facebook
Subscribe
Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24025 | 1 Facebook | 1 Hhvm | 2021-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||
| CVE-2020-1918 | 1 Facebook | 1 Hhvm | 2021-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||
| CVE-2020-1919 | 1 Facebook | 1 Hhvm | 2021-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||
| CVE-2020-1921 | 1 Facebook | 1 Hhvm | 2021-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||
| CVE-2020-1915 | 1 Facebook | 1 Hermes | 2020-11-02 | 4.3 MEDIUM | 7.5 HIGH |
| An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2019-11922 | 1 Facebook | 1 Zstandard | 2020-10-20 | 6.8 MEDIUM | 8.1 HIGH |
| A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. | |||||
| CVE-2019-3563 | 1 Facebook | 1 Wangle | 2020-10-16 | 7.5 HIGH | 9.8 CRITICAL |
| Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow. This affects versions of Wangle prior to v2019.04.22.00 | |||||
| CVE-2019-3570 | 1 Facebook | 1 Hiphop Virtual Machine | 2020-10-16 | 7.5 HIGH | 9.8 CRITICAL |
| Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. | |||||
| CVE-2018-6345 | 1 Facebook | 1 Hhvm | 2020-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below). | |||||
| CVE-2020-1913 | 1 Facebook | 1 Hermes | 2020-09-15 | 6.8 MEDIUM | 8.1 HIGH |
| An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2020-1911 | 1 Facebook | 1 Hermes | 2020-09-11 | 6.8 MEDIUM | 9.8 CRITICAL |
| A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2019-11937 | 1 Facebook | 1 Mcrouter | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service. | |||||
| CVE-2019-11923 | 1 Facebook | 1 Mcrouter | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service. | |||||
| CVE-2019-11924 | 1 Facebook | 1 Fizz | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00. | |||||
| CVE-2020-1897 | 1 Facebook | 1 Proxygen | 2020-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00. | |||||
| CVE-2020-1895 | 1 Facebook | 1 Instagram | 2020-04-10 | 6.8 MEDIUM | 7.8 HIGH |
| A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128. | |||||
| CVE-2019-11939 | 1 Facebook | 1 Thrift | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. | |||||
| CVE-2019-3553 | 1 Facebook | 1 Thrift | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00. | |||||
| CVE-2019-11938 | 1 Facebook | 1 Thrift | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00. | |||||
| CVE-2016-1000109 | 1 Facebook | 1 Hhvm | 2020-03-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive). | |||||