CVE-2020-1899

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1899

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1899.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-1899

Downstream

UBUNTU-CVE-2020-1899

Published

2021-03-11T01:15:14.333Z

Modified

2025-11-14T10:55:37.489298Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.

References

Affected packages

Git / github.com/facebook/hhvm

Affected ranges

Type: GIT
Repo: https://github.com/facebook/hhvm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1107228a5128d3ca1c4add8ac1635d933cbbe2e9

Affected versions

HPHP-2.*

HPHP-2.1.0

gcc-4.*

gcc-4.6

nightly-2019.*

nightly-2019.03.28

nightly-2019.03.29

nightly-2019.03.30

nightly-2019.03.31

nightly-2019.04.01

nightly-2019.04.02

nightly-2019.04.03

nightly-2019.04.04

nightly-2019.04.05

nightly-2019.04.06

nightly-2019.04.07

nightly-2019.04.08

nightly-2019.04.09

nightly-2019.04.10

nightly-2019.04.11

nightly-2019.04.12

nightly-2019.04.13

nightly-2019.04.14

nightly-2019.04.15

nightly-2019.04.16

nightly-2019.04.17

nightly-2019.04.18

nightly-2019.04.19

nightly-2019.04.20

nightly-2019.04.21

nightly-2019.04.22

nightly-2019.04.23

nightly-2019.04.24

nightly-2019.04.25

nightly-2019.04.26

nightly-2019.04.27

nightly-2019.04.28

nightly-2019.04.29

nightly-2019.04.30

nightly-2019.05.01

nightly-2019.05.02

nightly-2019.05.03

nightly-2019.05.04

nightly-2019.05.05

nightly-2019.05.06

nightly-2019.05.07

nightly-2019.05.08

nightly-2019.05.09

nightly-2019.05.10

nightly-2019.05.11

nightly-2019.05.12

nightly-2019.05.13

nightly-2019.05.14

nightly-2019.05.15

nightly-2019.05.16

nightly-2019.05.17

nightly-2019.05.18

nightly-2019.05.19

nightly-2019.05.20

nightly-2019.05.21

nightly-2019.05.22

nightly-2019.05.23

nightly-2019.05.24

nightly-2019.05.25

nightly-2019.05.26

nightly-2019.05.27

nightly-2019.05.28

nightly-2019.05.29

nightly-2019.05.30

nightly-2019.05.31

nightly-2019.06.01

nightly-2019.06.02

nightly-2019.06.03

nightly-2019.06.04

nightly-2019.06.05

nightly-2019.06.06

nightly-2019.06.07

nightly-2019.06.08

nightly-2019.06.09

nightly-2019.06.10

nightly-2019.06.11

nightly-2019.06.12

nightly-2019.06.13

nightly-2019.06.14

nightly-2019.06.15

nightly-2019.06.16

nightly-2019.06.17

nightly-2019.06.18

nightly-2019.06.19

nightly-2019.06.20

nightly-2019.06.21

nightly-2019.06.22

nightly-2019.06.23

nightly-2019.06.24

nightly-2019.06.25

nightly-2019.06.26

nightly-2019.06.27

nightly-2019.06.28

nightly-2019.06.29

nightly-2019.06.30

nightly-2019.07.01

nightly-2019.07.02

nightly-2019.07.03

nightly-2019.07.04

nightly-2019.07.05

nightly-2019.07.06

nightly-2019.07.07

nightly-2019.07.08

nightly-2019.07.09

nightly-2019.07.10

nightly-2019.07.11

nightly-2019.07.12

nightly-2019.07.13

nightly-2019.07.14

nightly-2019.07.15

nightly-2019.07.16

nightly-2019.07.17

nightly-2019.07.18

nightly-2019.07.19

nightly-2019.07.20

nightly-2019.07.21

nightly-2019.07.22

nightly-2019.07.23

nightly-2019.07.24

nightly-2019.07.25

nightly-2019.07.26

nightly-2019.07.27

nightly-2019.07.28

nightly-2019.07.29

nightly-2019.07.30

nightly-2019.07.31

nightly-2019.08.01

nightly-2019.08.02

nightly-2019.08.03

nightly-2019.08.04

nightly-2019.08.05

nightly-2019.08.06

nightly-2019.08.07

nightly-2019.08.08

nightly-2019.08.09

nightly-2019.08.10

nightly-2019.08.11

nightly-2019.08.12

nightly-2019.08.13

nightly-2019.08.14

nightly-2019.08.15

nightly-2019.08.16

nightly-2019.08.17

nightly-2019.08.18

nightly-2019.08.19

nightly-2019.08.20

nightly-2019.08.21

nightly-2019.08.22

nightly-2019.08.23

nightly-2019.08.24

nightly-2019.08.25

nightly-2019.08.26

nightly-2019.08.27

nightly-2019.08.28

nightly-2019.08.29

nightly-2019.08.30

nightly-2019.08.31

nightly-2019.09.01

nightly-2019.09.02

nightly-2019.09.03

nightly-2019.09.04

nightly-2019.09.05

nightly-2019.09.06

nightly-2019.09.07

nightly-2019.09.08

nightly-2019.09.09

nightly-2019.09.10

nightly-2019.09.11

nightly-2019.09.12

nightly-2019.09.13

nightly-2019.09.14

nightly-2019.09.15

nightly-2019.09.16

nightly-2019.09.17

nightly-2019.09.18

nightly-2019.09.19

nightly-2019.09.20

nightly-2019.09.21

nightly-2019.09.22

nightly-2019.09.23

nightly-2019.09.24

nightly-2019.09.25

nightly-2019.09.26

nightly-2019.09.27

nightly-2019.09.28

nightly-2019.09.29

nightly-2019.09.30

nightly-2019.10.01

nightly-2019.10.02

nightly-2019.10.03

nightly-2019.10.04

nightly-2019.10.05

nightly-2019.10.06

nightly-2019.10.07

nightly-2019.10.08

nightly-2019.10.09

nightly-2019.10.10

nightly-2019.10.11

nightly-2019.10.12

nightly-2019.10.13

nightly-2019.10.14

nightly-2019.10.15

nightly-2019.10.16

nightly-2019.10.17

nightly-2019.10.18

nightly-2019.10.19

nightly-2019.10.20

nightly-2019.10.21

nightly-2019.10.22

nightly-2019.10.23

nightly-2019.10.24

nightly-2019.10.25

nightly-2019.10.26

nightly-2019.10.27

nightly-2019.10.28

nightly-2019.10.29

nightly-2019.10.30

nightly-2019.10.31

nightly-2019.11.01

nightly-2019.11.02

nightly-2019.11.03

nightly-2019.11.04

nightly-2019.11.05

nightly-2019.11.06

nightly-2019.11.07

nightly-2019.11.08

nightly-2019.11.09

nightly-2019.11.10

nightly-2019.11.11

nightly-2019.11.12

nightly-2019.11.13

nightly-2019.11.14

nightly-2019.11.15

nightly-2019.11.16

nightly-2019.11.17

nightly-2019.11.18

nightly-2019.11.19

nightly-2019.11.20

nightly-2019.11.21

nightly-2019.11.22

nightly-2019.11.23

nightly-2019.11.24

nightly-2019.11.25

nightly-2019.11.26

nightly-2019.11.27

nightly-2019.11.28

nightly-2019.11.29

nightly-2019.11.30

nightly-2019.12.01

nightly-2019.12.02

nightly-2019.12.03

nightly-2019.12.04

nightly-2019.12.05

nightly-2019.12.06

nightly-2019.12.07

nightly-2019.12.08

nightly-2019.12.09

nightly-2019.12.10

nightly-2019.12.11

nightly-2019.12.12

nightly-2019.12.13

nightly-2019.12.14

nightly-2019.12.15

nightly-2019.12.16

nightly-2019.12.17

nightly-2019.12.18

nightly-2019.12.19

nightly-2019.12.20

nightly-2019.12.21

nightly-2019.12.22

nightly-2019.12.23

nightly-2019.12.24

nightly-2019.12.25

nightly-2019.12.26

nightly-2019.12.27

nightly-2019.12.28

nightly-2019.12.29

nightly-2019.12.30

nightly-2019.12.31

nightly-2020.*

nightly-2020.01.01

nightly-2020.01.02

nightly-2020.01.03

nightly-2020.01.04

nightly-2020.01.05

nightly-2020.01.06

nightly-2020.01.07

nightly-2020.01.08

nightly-2020.01.09

nightly-2020.01.10

nightly-2020.01.11

nightly-2020.01.12

nightly-2020.01.13

nightly-2020.01.14

nightly-2020.01.15

nightly-2020.01.16

nightly-2020.01.17

nightly-2020.01.18

nightly-2020.01.19

nightly-2020.01.20

nightly-2020.01.21

nightly-2020.01.22

nightly-2020.01.23

nightly-2020.01.24

nightly-2020.01.25

nightly-2020.01.26

nightly-2020.01.27

nightly-2020.01.28

nightly-2020.01.29

nightly-2020.01.30

nightly-2020.01.31

nightly-2020.02.01

nightly-2020.02.02

nightly-2020.02.03

nightly-2020.02.04

nightly-2020.02.05

nightly-2020.02.06

nightly-2020.02.07

nightly-2020.02.08

nightly-2020.02.09

nightly-2020.02.10

nightly-2020.02.11

nightly-2020.02.12

nightly-2020.02.13

nightly-2020.02.14

nightly-2020.02.15

nightly-2020.02.16

nightly-2020.02.17

nightly-2020.02.18

nightly-2020.02.19

nightly-2020.02.20

nightly-2020.02.21

nightly-2020.02.22

nightly-2020.02.23

nightly-2020.02.24

nightly-2020.02.25

nightly-2020.02.26

nightly-2020.02.27

nightly-2020.02.28

nightly-2020.02.29

nightly-2020.03.01

nightly-2020.03.02

nightly-2020.03.03

nightly-2020.03.04

nightly-2020.03.05

nightly-2020.03.06

nightly-2020.03.07

nightly-2020.03.08

nightly-2020.03.09

nightly-2020.03.10

nightly-2020.03.11

nightly-2020.03.12

nightly-2020.03.13

nightly-2020.03.14

nightly-2020.03.15

nightly-2020.03.16

nightly-2020.03.17

nightly-2020.03.18

nightly-2020.03.19

nightly-2020.03.20

nightly-2020.03.21

nightly-2020.03.22

nightly-2020.03.23

nightly-2020.03.24

nightly-2020.03.25

nightly-2020.03.26

nightly-2020.03.27

nightly-2020.03.28

nightly-2020.03.29

nightly-2020.03.30

nightly-2020.03.31

nightly-2020.04.01

nightly-2020.04.02

nightly-2020.04.03

nightly-2020.04.04

nightly-2020.04.05

nightly-2020.04.06

nightly-2020.04.07

nightly-2020.04.08

nightly-2020.04.09

nightly-2020.04.10

nightly-2020.04.11

nightly-2020.04.12

nightly-2020.04.13

nightly-2020.04.14

nightly-2020.04.15

nightly-2020.04.16

nightly-2020.04.17

nightly-2020.04.18

nightly-2020.04.19

nightly-2020.04.20

nightly-2020.04.21

nightly-2020.04.22

nightly-2020.04.23

nightly-2020.04.24

nightly-2020.04.25

nightly-2020.04.26

nightly-2020.04.27

nightly-2020.04.28

nightly-2020.04.29

nightly-2020.04.30

nightly-2020.05.01

nightly-2020.05.02

nightly-2020.05.03

nightly-2020.05.04

nightly-2020.05.05

nightly-2020.05.06

nightly-2020.05.07

nightly-2020.05.08

nightly-2020.05.09

nightly-2020.05.10

nightly-2020.05.11

nightly-2020.05.12

nightly-2020.05.13

nightly-2020.05.14

nightly-2020.05.15

nightly-2020.05.16

nightly-2020.05.17

nightly-2020.05.18

nightly-2020.05.19

nightly-2020.05.20

nightly-2020.05.21

nightly-2020.05.22

nightly-2020.05.23

nightly-2020.05.24

nightly-2020.05.25

nightly-2020.05.26

nightly-2020.05.27

nightly-2020.05.28

nightly-2020.05.29

nightly-2020.05.30

nightly-2020.05.31

nightly-2020.06.01

nightly-2020.06.02

nightly-2020.06.03

nightly-2020.06.04

nightly-2020.06.05

nightly-2020.06.06

nightly-2020.06.07

nightly-2020.06.08

nightly-2020.06.09

nightly-2020.06.10

nightly-2020.06.11

nightly-2020.06.12

nightly-2020.06.13

nightly-2020.06.14

nightly-2020.06.15

nightly-2020.06.16

nightly-2020.06.17

nightly-2020.06.18

nightly-2020.06.19

nightly-2020.06.20

nightly-2020.06.21

nightly-2020.06.22

nightly-2020.06.23

nightly-2020.06.24

nightly-2020.06.25

nightly-2020.06.26

nightly-2020.06.27

nightly-2020.06.28

nightly-2020.06.29

nightly-2020.06.30

Other

pre-hhvm

src-hphp

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "function_hash": "296497231455137404359568022051131713760",
            "length": 1174.0
        },
        "id": "CVE-2020-1899-381b6cb0",
        "target": {
            "file": "hphp/runtime/base/variable-unserializer.cpp",
            "function": "VariableUnserializer::matchString"
        },
        "source": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "305469386172568607995090889127400499800",
                "164748909009527016058299342589249192028",
                "74505882255080775097042379243447366500",
                "321822967609217144650500439140456360480"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-1899-e2430ba7",
        "target": {
            "file": "hphp/runtime/base/variable-unserializer.cpp"
        },
        "source": "https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9"
    }
]