CVE-2020-1888
- Source
- https://cve.org/CVERecord?id=CVE-2020-1888
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1888.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-1888
- Downstream
- Published
- 2020-03-03T15:15:11.883Z
- Modified
- 2026-03-14T10:15:02.197989Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
- References
Affected packages
Git / github.com/facebook/hhvm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/facebook/hhvm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "4.8.7" }, { "introduced": "4.9.0" }, { "last_affected": "4.32.0" }, { "introduced": "4.33.0" }, { "last_affected": "4.38.0" }, { "introduced": "0" }, { "last_affected": "4.39.0" }, { "introduced": "0" }, { "last_affected": "4.40.0" }, { "introduced": "0" }, { "last_affected": "4.41.0" }, { "introduced": "0" }, { "last_affected": "4.42.0" }, { "introduced": "0" }, { "last_affected": "4.43.0" }, { "introduced": "0" }, { "last_affected": "4.44.0" }, { "introduced": "0" }, { "last_affected": "4.45.0" } ] }
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1888.json"
vanir_signatures
[
{
"signature_type": "Line",
"id": "CVE-2020-1888-5e4c2ef7",
"source": "https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13",
"signature_version": "v1",
"target": {
"file": "hphp/runtime/ext/json/JSON_parser.cpp"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"253300345033833824648681931010887940210",
"323252071051621740325063727887978820026",
"30092081122455680424502200720017557775",
"4694736965073798775260577777545583703",
"289483391976236989165392546243082264219",
"294574240356151962882517616397669921396",
"318621315425022735603688703224263581423",
"70885010345768735145357321360228283103",
"321190195641690808215972738970428636376",
"49091889793634698122077976024893724490"
]
}
},
{
"signature_type": "Line",
"id": "CVE-2020-1888-ea8c35e1",
"source": "https://github.com/facebook/hhvm/commit/75ea519eea0fe679c4efd3af377f5250e54b6388",
"signature_version": "v1",
"target": {
"file": "hphp/runtime/version.h"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"94241718375072390049514553484705121889",
"202283354718075733938286784465843663220",
"328155670994027392479458866869178825570",
"140335216194151808759673220052749435881"
]
}
}
]