{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T00:55:19.528","vulnerabilities":[{"cve":{"id":"CVE-2020-1917","sourceIdentifier":"cve-assign@fb.com","published":"2021-03-10T16:15:14.313","lastModified":"2024-11-21T05:11:36.520","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."},{"lang":"es","value":"La función xbuf_format_converter, usada como parte de exif_read_data, estaba agregando un carácter null de terminación a la cadena generada, pero no estaba usando su función estándar append char. Como resultado, si el búfer estuviera lleno, resultaría en una escritura fuera de límites. Este problema afecta HHVM versiones anteriores a 4.56.3, todas las versiones entre 4.57.0 y 4.80.1, todas las versiones entre 4.81.0 y 4.93.1 y las versiones 4.94.0, 4.95.0, 4.96.0, 4.97.0 , 4.98.0"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cve-assign@fb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*","versionEndExcluding":"4.56.3","matchCriteriaId":"069C0B7D-5233-4EFF-BBA7-8B84D9227044"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*","versionStartIncluding":"4.57.0","versionEndExcluding":"4.80.2","matchCriteriaId":"59DAD37C-9F51-4BE3-B045-537CA259F7F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*","versionStartIncluding":"4.81.0","versionEndExcluding":"4.93.2","matchCriteriaId":"3B78720F-AA79-459F-A66C-5C4D67D7EE31"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:4.94.0:*:*:*:*:*:*:*","matchCriteriaId":"1C4B9A3C-6A5A-45C4-A490-C13CF6D6A867"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:4.95.0:*:*:*:*:*:*:*","matchCriteriaId":"18D33DC0-E6A7-4DC6-8E9A-2B85842EC21B"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:4.96.0:*:*:*:*:*:*:*","matchCriteriaId":"B0B9078D-3C25-45B2-B5F2-59585A47BACB"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:4.97.0:*:*:*:*:*:*:*","matchCriteriaId":"7B8F5C11-8610-4099-8A45-E6241F3D24E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:4.98.0:*:*:*:*:*:*:*","matchCriteriaId":"47FF13C3-19DC-4F53-BF9D-38AC89D647D5"}]}]}],"references":[{"url":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","source":"cve-assign@fb.com","tags":["Patch","Third Party Advisory"]},{"url":"https://hhvm.com/blog/2021/02/25/security-update.html","source":"cve-assign@fb.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://hhvm.com/blog/2021/02/25/security-update.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}}]}