PT-2021-15658 · Facebook · Folly+1

Published: 2021-07-23 · Updated: 2022-10-26 · CVE-2021-24036

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
- folly versions prior to v2021.07.22.00
- HHVM versions prior to 4.80.5
- HHVM versions 4.81.0 through 4.102.1
- HHVM versions 4.103.0 through 4.113.0
- HHVM versions 4.114.0 through 4.118.1
Description: Passing an attacker-controlled size when creating an IOBuf could cause an integer overflow, leading to an out-of-bounds write on the heap with the possibility of remote code execution.

Recommendations:
- For folly versions prior to v2021.07.22.00, update to version v2021.07.22.00 or later.
- For HHVM versions prior to 4.80.5, update to version 4.80.5 or later.
- For HHVM versions 4.81.0 through 4.102.1, update to a version outside of this range.
- For HHVM versions 4.103.0 through 4.113.0, update to a version outside of this range.
- For HHVM versions 4.114.0 through 4.118.1, update to a version later than 4.118.1.
- As a temporary workaround, consider restricting the creation of IOBuf objects with attacker-controlled sizes until a patch is available.
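The mechanism described above, shown as an added illustration (not folly's IOBuf code): a hypothetical buffer type that stores a header in the same heap block as its payload computes the block size as header + capacity, an unchecked addition that wraps for a large attacker-controlled capacity and yields a tiny allocation; the checked variant rejects such sizes before allocating.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <memory>
#include <optional>

// Hypothetical model of a buffer whose bookkeeping header shares the heap
// block with its payload. Illustrative only; this is not folly's IOBuf.
struct BufHeader {
    std::size_t capacity;
    std::size_t length;
};

// Unchecked size computation: for a capacity close to SIZE_MAX the addition
// wraps to a small value, so the allocation is far smaller than `capacity`
// and any later write of up to `capacity` bytes runs off the end of the block.
std::size_t uncheckedBlockSize(std::size_t capacity) {
    return sizeof(BufHeader) + capacity;  // unsigned wrap-around possible
}

// Checked variant: refuse any capacity for which the addition would wrap.
std::optional<std::size_t> checkedBlockSize(std::size_t capacity) {
    if (capacity > std::numeric_limits<std::size_t>::max() - sizeof(BufHeader)) {
        return std::nullopt;  // caller must reject the request
    }
    return sizeof(BufHeader) + capacity;
}

// Allocation wrapper: returns null instead of a dangerously undersized block.
std::unique_ptr<std::uint8_t[]> createBuf(std::size_t capacity) {
    std::optional<std::size_t> total = checkedBlockSize(capacity);
    if (!total) {
        return nullptr;
    }
    return std::make_unique<std::uint8_t[]>(*total);
}

// True when the unchecked computation produced a block smaller than the
// payload it is supposed to hold, i.e. the addition wrapped.
bool uncheckedSizeWraps(std::size_t capacity) {
    return uncheckedBlockSize(capacity) < capacity;
}
```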

Tags: Fix · RCE · Integer Overflow · Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2021-24036

Affected Products: HHVM, Folly