When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
{
"cpe": [
"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*",
"cpe:2.3:a:facebook:hhvm:4.57.0:*:*:*:*:*:*:*",
"cpe:2.3:a:facebook:hhvm:4.58.0:*:*:*:*:*:*:*",
"cpe:2.3:a:facebook:hhvm:4.58.1:*:*:*:*:*:*:*",
"cpe:2.3:a:facebook:hhvm:4.59.0:*:*:*:*:*:*:*",
"cpe:2.3:a:facebook:hhvm:4.60.0:*:*:*:*:*:*:*",
"cpe:2.3:a:facebook:hhvm:4.61.0:*:*:*:*:*:*:*",
"cpe:2.3:a:facebook:hhvm:4.62.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "4.32.3"
},
{
"introduced": "4.33.0"
},
{
"fixed": "4.56.1"
},
{
"introduced": "4.57.0"
},
{
"last_affected": "4.57.0"
},
{
"introduced": "4.58.0"
},
{
"last_affected": "4.58.0"
},
{
"introduced": "4.58.1"
},
{
"last_affected": "4.58.1"
},
{
"introduced": "4.59.0"
},
{
"last_affected": "4.59.0"
},
{
"introduced": "4.60.0"
},
{
"last_affected": "4.60.0"
},
{
"introduced": "4.61.0"
},
{
"last_affected": "4.61.0"
},
{
"introduced": "4.62.0"
},
{
"last_affected": "4.62.0"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
]
}[
{
"source": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"15087195484119549554939185744270694969",
"247740747057664256062925961828700856466",
"5649611835980604045452791483973726846"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2020-1900-12916571",
"target": {
"file": "hphp/runtime/base/variable-unserializer.cpp"
}
},
{
"source": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "150732268746904783890200202889608657611",
"length": 931.0
},
"deprecated": false,
"id": "CVE-2020-1900-5aecfeb3",
"target": {
"function": "VariableUnserializer::unserializeProp",
"file": "hphp/runtime/base/variable-unserializer.cpp"
}
},
{
"source": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"319370469949607528258900883936558130478",
"19056843371057609482005153843118411412",
"224510060117883053613959646770243998371"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2020-1900-5bb7a3f3",
"target": {
"file": "hphp/runtime/base/object-data.cpp"
}
},
{
"source": "https://github.com/facebook/hhvm/commit/55dc2e1650c1e79e67b7f0ef20e51cd2d504a4bb",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"331473762518125757472384839031571060902",
"4158620335537989919269120992316136210",
"37536044244405383633242229082848527784",
"140335216194151808759673220052749435881"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2020-1900-b7606651",
"target": {
"file": "hphp/runtime/version.h"
}
},
{
"source": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "301093375172016626895894563153915036256",
"length": 202.0
},
"deprecated": false,
"id": "CVE-2020-1900-ba56ca6b",
"target": {
"function": "ObjectData::reserveProperties",
"file": "hphp/runtime/base/object-data.cpp"
}
},
{
"source": "https://github.com/facebook/hhvm/commit/d6af4b525b31c96526b2508642d58dbf5c7d496c",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"286093828909174357221555418457755310879",
"96311019219661911020751373701839576672",
"281574740350394436842520560909858709910",
"140335216194151808759673220052749435881"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2020-1900-e22db0a3",
"target": {
"file": "hphp/runtime/version.h"
}
}
]
"2026-07-08T20:30:44Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1900.json"