Jjergus

Name of the Vulnerable Software and Affected Versions: HHVM versions prior to 4.32.3 HHVM versions 4.33.0 through 4.62.0 Description: The fb unserialize function did not impose a depth limit for nested deserialization, allowing a maliciously constructed string to cause deserialization to recurse and lead to stack exhaustion. Recommendations: For HHVM versions prior to 4.32.3, update to version 4.32.3 or later. For HHVM versions 4.33.0 through 4.62.0, update to a version outside of this range, as these versions are affected. As a temporary workaround, consider restricting the use of the `fb unserialize` function to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: HHVM versions prior to 4.32.3 HHVM versions 4.33.0 through 4.62.0 Description: The unserialize() function has a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. Recommendations: For HHVM versions prior to 4.32.3, update to version 4.32.3 or later. For HHVM versions 4.33.0 through 4.62.0, update to a version outside of this range, as these versions are affected by the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability for versions 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.

Name of the Vulnerable Software and Affected Versions: HHVM versions prior to 4.32.3 HHVM versions 4.33.0 through 4.62.0 Description: When unserializing an object with dynamic properties, HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise, the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM for the specified versions. Recommendations: For HHVM versions prior to 4.32.3, update to version 4.32.3 or later. For HHVM versions 4.33.0 through 4.62.0, update to a version later than 4.62.0. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: HHVM versions prior to 4.56.2 HHVM versions 4.57.0 through 4.78.0 HHVM version 4.79.0 HHVM version 4.80.0 HHVM version 4.81.0 HHVM version 4.82.0 HHVM version 4.83.0 Description: An incorrect size calculation in ldap escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. Recommendations: For HHVM versions prior to 4.56.2, update to version 4.56.2 or later. For HHVM versions 4.57.0 through 4.78.0, update to a version outside of this range. For HHVM version 4.79.0, update to a newer version. For HHVM version 4.80.0, update to a newer version. For HHVM version 4.81.0, update to a newer version. For HHVM version 4.82.0, update to a newer version. For HHVM version 4.83.0, update to a newer version. As a temporary workaround, consider restricting the input length to prevent overly long input from being passed to the ldap escape function.

Name of the Vulnerable Software and Affected Versions: HHVM versions prior to 4.56.3 HHVM versions 4.57.0 through 4.80.1 HHVM versions 4.81.0 through 4.93.1 HHVM versions 4.94.0 through 4.98.0 Description: The xbuf format converter, used as part of exif read data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. Recommendations: For versions prior to 4.56.3, update to version 4.56.3 or later. For versions 4.57.0 through 4.80.1, update to version 4.80.2 or later. For versions 4.81.0 through 4.93.1, update to version 4.93.2 or later. For versions 4.94.0 through 4.98.0, update to a version later than 4.98.0. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: HHVM versions prior to 4.56.3 HHVM versions 4.57.0 through 4.80.1 HHVM versions 4.81.0 through 4.93.1 HHVM versions 4.94.0 through 4.98.0 Description: The issue arises in the crypt function where it attempts to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. Recommendations: For versions prior to 4.56.3, update to version 4.56.3 or later. For versions 4.57.0 through 4.80.1, update to version 4.80.2 or later. For versions 4.81.0 through 4.93.1, update to version 4.93.2 or later. For versions 4.94.0 through 4.98.0, update to a version later than 4.98.0. As a temporary workaround, consider disabling the crypt function until a patch is available.