CVE-2021-24025

Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca	Patch Third Party Advisory
https://hhvm.com/blog/2021/02/25/security-update.html	Release Notes Third Party Advisory
https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca	Patch Third Party Advisory
https://hhvm.com/blog/2021/02/25/security-update.html	Release Notes Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:facebook:hhvm::::::::
	cpe:2.3:a:facebook:hhvm::::::::
	cpe:2.3:a:facebook:hhvm::::::::
	cpe:2.3:a:facebook:hhvm:4.94.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.95.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.96.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.97.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.98.0:::::::*

History

No history.

Information

Published : 2021-03-10 16:15

Updated : 2024-11-21 05:52

NVD link : CVE-2021-24025

Mitre link : CVE-2021-24025

CVE.ORG link : CVE-2021-24025

JSON object : View

Products Affected

facebook

hhvm

CWE

CWE-122

Heap-based Buffer Overflow

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2021-24025", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-03-10T16:15:16.750", "references": [{"url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca", "tags": ["Patch", "Third Party Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://hhvm.com/blog/2021/02/25/security-update.html", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hhvm.com/blog/2021/02/25/security-update.html", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-122"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0."}, {"lang": "es", "value": "Debido a c\u00e1lculos de tama\u00f1o de cadena incorrectos dentro de la funci\u00f3n preg_quote, una cadena de entrada grande pasada a la funci\u00f3n puede desencadenar un desbordamiento de enteros que conlleva a un desbordamiento de la pila. Este problema afecta a versiones de HHVM anteriores a 4.56.3, todas las versiones entre 4.57.0 y 4.80.1, todas las versiones entre 4.81.0 y 4.93.1 y versiones 4.94.0, 4.95.0, 4.96.0, 4.97.0 , 4.98.0"}], "lastModified": "2024-11-21T05:52:14.053", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "069C0B7D-5233-4EFF-BBA7-8B84D9227044", "versionEndExcluding": "4.56.3"}, {"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5E6E1A7-225A-4C45-9E2D-5ED55BA3AEA3", "versionEndIncluding": "4.80.1", "versionStartIncluding": "4.57.0"}, {"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9470E6A8-E2CB-4C72-8FEF-5CFF04E7E3C3", "versionEndIncluding": "4.93.1", "versionStartIncluding": "4.81.0"}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.94.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C4B9A3C-6A5A-45C4-A490-C13CF6D6A867"}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.95.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18D33DC0-E6A7-4DC6-8E9A-2B85842EC21B"}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.96.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0B9078D-3C25-45B2-B5F2-59585A47BACB"}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.97.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B8F5C11-8610-4099-8A45-E6241F3D24E0"}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.98.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47FF13C3-19DC-4F53-BF9D-38AC89D647D5"}], "operator": "OR"}]}], "sourceIdentifier": "cve-assign@fb.com"}