{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T18:47:49.317","vulnerabilities":[{"cve":{"id":"CVE-2020-1888","sourceIdentifier":"cve-assign@fb.com","published":"2020-03-03T15:15:11.883","lastModified":"2024-11-21T05:11:33.023","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7."},{"lang":"es","value":"Comprobaciones de límites insuficientes cuando se decodifica JSON en handleBackslash lee la memoria fuera de límites, conllevando potencialmente a una DOS. Este problema afecta a HHVM versiones 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versiones entre 4.33.0 y 4.38.0 (inclusive), versiones entre 4.9.0 y 4.32.0 (inclusive), y versiones anteriores a 4.8.7."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cve-assign@fb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*","versionEndExcluding":"4.8.7","matchCriteriaId":"D1FC3F1B-FB6A-4EC4-8878-0C55652434F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.0","versionEndIncluding":"4.32.0","matchCriteriaId":"D25B1929-CF0F-4D0F-9268-6022762717FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*","versionStartIncluding":"4.33.0","versionEndIncluding":"4.38.0","matchCriteriaId":"87A4049D-2F34-4F15-83B4-0B620EB43500"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:4.39.0:*:*:*:*:*:*:*","matchCriteriaId":"43688064-E2D3-461C-982C-A9702623A41F"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:4.40.0:*:*:*:*:*:*:*","matchCriteriaId":"EF8C8ED9-02DD-4F9C-9B76-751FACE3ED48"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:4.41.0:*:*:*:*:*:*:*","matchCriteriaId":"94FEC1E6-58FD-47C1-B05E-80BAE3840532"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:4.42.0:*:*:*:*:*:*:*","matchCriteriaId":"503ED662-BA21-469D-9FDC-73622786B29D"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:4.43.0:*:*:*:*:*:*:*","matchCriteriaId":"F6F55273-3CA7-4432-9D43-951EC943E2B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:4.44.0:*:*:*:*:*:*:*","matchCriteriaId":"89BDE742-DE38-444B-9B40-6F14D6047B14"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:4.45.0:*:*:*:*:*:*:*","matchCriteriaId":"90646244-2B6C-402F-9835-9D540DE1EBC9"}]}]}],"references":[{"url":"https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13","source":"cve-assign@fb.com","tags":["Patch"]},{"url":"https://hhvm.com/blog/2020/02/20/security-update.html","source":"cve-assign@fb.com","tags":["Vendor Advisory"]},{"url":"https://github.com/facebook/hhvm/commit/b3679121bb3c7017ff04b4c08402ffff5cf59b13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://hhvm.com/blog/2020/02/20/security-update.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}