CVE-2020-1900
- Source
- https://cve.org/CVERecord?id=CVE-2020-1900
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1900.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-1900
- Downstream
- Published
- 2021-03-11T01:15:14.490Z
- Modified
- 2026-02-24T11:34:42.400277Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
- References
Affected packages
Git / github.com/facebook/hhvm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/facebook/hhvm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixed
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1900.json"
vanir_signatures
[
{
"source": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3",
"digest": {
"threshold": 0.9,
"line_hashes": [
"15087195484119549554939185744270694969",
"247740747057664256062925961828700856466",
"5649611835980604045452791483973726846"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "hphp/runtime/base/variable-unserializer.cpp"
},
"signature_version": "v1",
"id": "CVE-2020-1900-12916571"
},
{
"source": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3",
"digest": {
"length": 931.0,
"function_hash": "150732268746904783890200202889608657611"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "VariableUnserializer::unserializeProp",
"file": "hphp/runtime/base/variable-unserializer.cpp"
},
"signature_version": "v1",
"id": "CVE-2020-1900-5aecfeb3"
},
{
"source": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3",
"digest": {
"threshold": 0.9,
"line_hashes": [
"319370469949607528258900883936558130478",
"19056843371057609482005153843118411412",
"224510060117883053613959646770243998371"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "hphp/runtime/base/object-data.cpp"
},
"signature_version": "v1",
"id": "CVE-2020-1900-5bb7a3f3"
},
{
"source": "https://github.com/facebook/hhvm/commit/55dc2e1650c1e79e67b7f0ef20e51cd2d504a4bb",
"digest": {
"threshold": 0.9,
"line_hashes": [
"331473762518125757472384839031571060902",
"4158620335537989919269120992316136210",
"37536044244405383633242229082848527784",
"140335216194151808759673220052749435881"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "hphp/runtime/version.h"
},
"signature_version": "v1",
"id": "CVE-2020-1900-b7606651"
},
{
"source": "https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3",
"digest": {
"length": 202.0,
"function_hash": "301093375172016626895894563153915036256"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "ObjectData::reserveProperties",
"file": "hphp/runtime/base/object-data.cpp"
},
"signature_version": "v1",
"id": "CVE-2020-1900-ba56ca6b"
}
]