CVE-2020-1892

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-1892
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1892.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1892
Downstream
Published
2020-03-03T15:15:11.993Z
Modified
2026-04-11T12:40:09.271629Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.

References

Affected packages

Git / github.com/facebook/hhvm

Affected ranges

Type
GIT
Repo
https://github.com/facebook/hhvm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
75ea519eea0fe679c4efd3af377f5250e54b6388
Introduced
0abb3b0c92e938bb7dac2d0c1603c5866e2a035b
Last affected
639027f066c5db1b684e400924b62dc1c803fda9
Introduced
8df1dd7ead93f50388145dd8d7734a69204b50a7
Last affected
543f523b787b6fe1415b2cbc63a0d1965249fb0c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1b6f9e26323e5c56090d17bd714cc2b73422760b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5ed764f894421e4805f4e152040185c4e934bcbf
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
db56116e9e8f2b6d952637b427aa14ae1399210d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
00af7f52850f0c7c8b4c796002a73f97c0c68cae
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0bc170b923c0e6decfafe11145da85adee1a477a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0a1cf1804368b311781db1ec127e0deb674ff9d0
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9c6698440803448f5d8cf318d23d934ee473a54f
Fixed
dabd48caf74995e605f1700344f1ff4a5d83441d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.8.7"
        },
        {
            "introduced": "4.9.0"
        },
        {
            "last_affected": "4.32.0"
        },
        {
            "introduced": "4.33.0"
        },
        {
            "last_affected": "4.38.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.39.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.40.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.41.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.42.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.43.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.44.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.45.0"
        }
    ]
}

Affected versions

HHVM-4.*
HHVM-4.32.0
HHVM-4.38.0
HHVM-4.39.0
HHVM-4.40.0
HHVM-4.41.0
HHVM-4.42.0
HHVM-4.43.0
HHVM-4.44.0
HHVM-4.45.0
HHVM-4.8.0
HHVM-4.8.1
HHVM-4.8.2
HHVM-4.8.3
HHVM-4.8.4
HHVM-4.8.5
HHVM-4.8.6
HPHP-2.*
HPHP-2.1.0
gcc-4.*
gcc-4.6
nightly-2019.*
nightly-2019.03.28
nightly-2019.03.29
nightly-2019.03.30
nightly-2019.03.31
nightly-2019.04.01
nightly-2019.04.02
nightly-2019.04.03
nightly-2019.04.04
nightly-2019.04.05
nightly-2019.04.06
nightly-2019.04.07
nightly-2019.04.08
nightly-2019.04.09
nightly-2019.04.10
nightly-2019.04.11
nightly-2019.04.12
nightly-2019.04.13
nightly-2019.04.14
nightly-2019.04.15
nightly-2019.04.16
nightly-2019.04.17
nightly-2019.04.18
nightly-2019.04.19
nightly-2019.04.20
nightly-2019.04.21
nightly-2019.04.22
nightly-2019.04.23
nightly-2019.04.24
nightly-2019.04.25
nightly-2019.04.26
nightly-2019.04.27
nightly-2019.04.28
nightly-2019.04.29
nightly-2019.04.30
nightly-2019.05.01
nightly-2019.05.02
nightly-2019.05.03
nightly-2019.05.04
nightly-2019.05.05
nightly-2019.05.06
nightly-2019.05.07
nightly-2019.05.08
nightly-2019.05.09
nightly-2019.05.10
nightly-2019.05.11
nightly-2019.05.12
nightly-2019.05.13
nightly-2019.05.14
nightly-2019.05.15
nightly-2019.05.16
nightly-2019.05.17
nightly-2019.05.18
nightly-2019.05.19
nightly-2019.05.20
nightly-2019.05.21
nightly-2019.05.22
nightly-2019.05.23
nightly-2019.05.24
nightly-2019.05.25
nightly-2019.05.26
nightly-2019.05.27
nightly-2019.05.28
nightly-2019.05.29
nightly-2019.05.30
nightly-2019.05.31
nightly-2019.06.01
nightly-2019.06.02
nightly-2019.06.03
nightly-2019.06.04
nightly-2019.06.05
nightly-2019.06.06
nightly-2019.06.07
nightly-2019.06.08
nightly-2019.06.09
nightly-2019.06.10
nightly-2019.06.11
nightly-2019.06.12
nightly-2019.06.13
nightly-2019.06.14
nightly-2019.06.15
nightly-2019.06.16
nightly-2019.06.17
nightly-2019.06.18
nightly-2019.06.19
nightly-2019.06.20
nightly-2019.06.21
nightly-2019.06.22
nightly-2019.06.23
nightly-2019.06.24
nightly-2019.06.25
nightly-2019.06.26
nightly-2019.06.27
nightly-2019.06.28
nightly-2019.06.29
nightly-2019.06.30
nightly-2019.07.01
nightly-2019.07.02
nightly-2019.07.03
nightly-2019.07.04
nightly-2019.07.05
nightly-2019.07.06
nightly-2019.07.07
nightly-2019.07.08
nightly-2019.07.09
nightly-2019.07.10
nightly-2019.07.11
nightly-2019.07.12
nightly-2019.07.13
nightly-2019.07.14
nightly-2019.07.15
nightly-2019.07.16
nightly-2019.07.17
nightly-2019.07.18
nightly-2019.07.19
nightly-2019.07.20
nightly-2019.07.21
nightly-2019.07.22
nightly-2019.07.23
nightly-2019.07.24
nightly-2019.07.25
nightly-2019.07.26
nightly-2019.07.27
nightly-2019.07.28
nightly-2019.07.29
nightly-2019.07.30
nightly-2019.07.31
nightly-2019.08.01
nightly-2019.08.02
nightly-2019.08.03
nightly-2019.08.04
nightly-2019.08.05
nightly-2019.08.06
nightly-2019.08.07
nightly-2019.08.08
nightly-2019.08.09
nightly-2019.08.10
nightly-2019.08.11
nightly-2019.08.12
nightly-2019.08.13
nightly-2019.08.14
nightly-2019.08.15
nightly-2019.08.16
nightly-2019.08.17
nightly-2019.08.18
nightly-2019.08.19
nightly-2019.08.20
nightly-2019.08.21
nightly-2019.08.22
nightly-2019.08.23
nightly-2019.08.24
nightly-2019.08.25
nightly-2019.08.26
nightly-2019.08.27
nightly-2019.08.28
nightly-2019.08.29
nightly-2019.08.30
nightly-2019.08.31
nightly-2019.09.01
nightly-2019.09.02
nightly-2019.09.03
nightly-2019.09.04
nightly-2019.09.05
nightly-2019.09.06
nightly-2019.09.07
nightly-2019.09.08
nightly-2019.09.09
nightly-2019.09.10
nightly-2019.09.11
nightly-2019.09.12
nightly-2019.09.13
nightly-2019.09.14
nightly-2019.09.15
nightly-2019.09.16
nightly-2019.09.17
nightly-2019.09.18
nightly-2019.09.19
nightly-2019.09.20
nightly-2019.09.21
nightly-2019.09.22
nightly-2019.09.23
nightly-2019.09.24
nightly-2019.09.25
nightly-2019.09.26
nightly-2019.09.27
nightly-2019.09.28
nightly-2019.09.29
nightly-2019.09.30
nightly-2019.10.01
nightly-2019.10.02
nightly-2019.10.03
nightly-2019.10.04
nightly-2019.10.05
nightly-2019.10.06
nightly-2019.10.07
nightly-2019.10.08
nightly-2019.10.09
nightly-2019.10.10
nightly-2019.10.11
nightly-2019.10.12
nightly-2019.10.13
nightly-2019.10.14
nightly-2019.10.15
nightly-2019.10.16
nightly-2019.10.17
nightly-2019.10.18
nightly-2019.10.19
nightly-2019.10.20
nightly-2019.10.21
nightly-2019.10.22
nightly-2019.10.23
nightly-2019.10.24
nightly-2019.10.25
nightly-2019.10.26
nightly-2019.10.27
nightly-2019.10.28
nightly-2019.10.29
nightly-2019.10.30
nightly-2019.10.31
nightly-2019.11.01
nightly-2019.11.02
nightly-2019.11.03
nightly-2019.11.04
nightly-2019.11.05
nightly-2019.11.06
nightly-2019.11.07
nightly-2019.11.08
nightly-2019.11.09
nightly-2019.11.10
nightly-2019.11.11
nightly-2019.11.12
nightly-2019.11.13
nightly-2019.11.14
nightly-2019.11.15
nightly-2019.11.16
nightly-2019.11.17
nightly-2019.11.18
nightly-2019.11.19
nightly-2019.11.20
nightly-2019.11.21
nightly-2019.11.22
nightly-2019.11.23
nightly-2019.11.24
nightly-2019.11.25
nightly-2019.11.26
nightly-2019.11.27
nightly-2019.11.28
nightly-2019.11.29
nightly-2019.11.30
nightly-2019.12.01
nightly-2019.12.02
nightly-2019.12.03
nightly-2019.12.04
nightly-2019.12.05
nightly-2019.12.06
nightly-2019.12.07
nightly-2019.12.08
nightly-2019.12.09
nightly-2019.12.10
nightly-2019.12.11
nightly-2019.12.12
nightly-2019.12.13
nightly-2019.12.14
nightly-2019.12.15
nightly-2019.12.16
nightly-2019.12.17
nightly-2019.12.18
nightly-2019.12.19
nightly-2019.12.20
nightly-2019.12.21
nightly-2019.12.22
nightly-2019.12.23
nightly-2019.12.24
nightly-2019.12.25
nightly-2019.12.26
nightly-2019.12.27
nightly-2019.12.28
nightly-2019.12.29
nightly-2019.12.30
nightly-2019.12.31
nightly-2020.*
nightly-2020.01.01
nightly-2020.01.02
nightly-2020.01.03
nightly-2020.01.04
nightly-2020.01.05
nightly-2020.01.06
nightly-2020.01.07
nightly-2020.01.08
nightly-2020.01.09
nightly-2020.01.10
nightly-2020.01.11
nightly-2020.01.12
nightly-2020.01.13
nightly-2020.01.14
nightly-2020.01.15
nightly-2020.01.16
nightly-2020.01.17
nightly-2020.01.18
nightly-2020.01.19
nightly-2020.01.20
nightly-2020.01.21
nightly-2020.01.22
nightly-2020.01.23
nightly-2020.01.24
nightly-2020.01.25
nightly-2020.01.26
nightly-2020.01.27
nightly-2020.01.28
nightly-2020.01.29
nightly-2020.01.30
nightly-2020.01.31
nightly-2020.02.01
nightly-2020.02.02
nightly-2020.02.03
nightly-2020.02.04
nightly-2020.02.05
nightly-2020.02.06
nightly-2020.02.07
nightly-2020.02.08
nightly-2020.02.09
nightly-2020.02.10
nightly-2020.02.11
nightly-2020.02.12
nightly-2020.02.13
nightly-2020.02.14
nightly-2020.02.15
nightly-2020.02.16
nightly-2020.02.17
nightly-2020.02.18
nightly-2020.02.19
nightly-2020.02.20
Other
pre-hhvm
src-hphp

Database specific

vanir_signatures 
[
    {
        "id": "CVE-2020-1892-bc8d1bcb",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "35277905984828142678405027506296893309",
            "length": 9524.0
        },
        "source": "https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d",
        "target": {
            "function": "JSON_parser",
            "file": "hphp/runtime/ext/json/JSON_parser.cpp"
        },
        "deprecated": false
    },
    {
        "id": "CVE-2020-1892-c2025f85",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "45691113506081497345613918569316305692",
                "191599647334808312776973754716543424075",
                "331811249916197529229843072433784836645",
                "169245565843108794757193691464584637574"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/facebook/hhvm/commit/dabd48caf74995e605f1700344f1ff4a5d83441d",
        "target": {
            "file": "hphp/runtime/ext/json/JSON_parser.cpp"
        },
        "deprecated": false
    },
    {
        "id": "CVE-2020-1892-ea8c35e1",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "94241718375072390049514553484705121889",
                "202283354718075733938286784465843663220",
                "328155670994027392479458866869178825570",
                "140335216194151808759673220052749435881"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/facebook/hhvm/commit/75ea519eea0fe679c4efd3af377f5250e54b6388",
        "target": {
            "file": "hphp/runtime/version.h"
        },
        "deprecated": false
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1892.json"
vanir_signatures_modified 
"2026-04-11T12:40:09Z"