CVE-2020-1921

Source
https://cve.org/CVERecord?id=CVE-2020-1921
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1921.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-1921
Downstream
Published
2021-03-10T16:15:14.547Z
Modified
2026-02-24T11:35:19.145284Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the crypt function, we attempt to null-terminate a buffer at an offset taken from the size of the input salt, without validating that the offset is within the buffer, so the terminating null byte can be written outside the buffer's bounds. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, and 4.98.0.

References

Affected packages

Git / github.com/facebook/hhvm

Affected ranges

Type
GIT
Repo
https://github.com/facebook/hhvm
Events

Database specific

vanir_signatures
[
    {
        "id": "CVE-2020-1921-0aa8a92c",
        "signature_type": "Function",
        "target": {
            "file": "hphp/runtime/ext/string/ext_string.cpp",
            "function": "HHVM_FUNCTION"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "231541922683328977702299654062409521541",
            "length": 804.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-217e9507",
        "signature_type": "Function",
        "target": {
            "file": "hphp/runtime/ext/strobelight/ext_strobelight.cpp",
            "function": "logToUSDT"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "296674619659925255028886412411189640428",
            "length": 1706.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-222a0275",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/ext/std/ext_std_file.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "175858273613805101694652743007024626161",
                "333168716995591688600956860174174725664",
                "229164033001702589638141180527710230752",
                "242607794868199471530977091939516612419"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-29fd66f3",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/base/string-data-inl.h"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "319517057754826242787689596683471001210",
                "147271679474116665575163919994635483668",
                "143901499551783554200943481219544729611",
                "286207578961964542825380827053084973408",
                "317333281483831010982552661815304846079",
                "217447589277046825048685304886078739333",
                "105162570172779070591328623912213493347",
                "284146608779374618925369383112799221005",
                "5355858725456098006530043055298220962"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-3cfd81ff",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/ext/sockets/ext_sockets.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "166318824727500359552855831850252518195",
                "49798951412944969287031070451058293742",
                "167847665771403031950395333516141802375",
                "174417108818838197660724066038879527280"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-4f5a77fb",
        "signature_type": "Line",
        "target": {
            "file": "hphp/zend/zend-printf.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "224168498843425374167705441644972012909",
                "91644198291228241169439319745520727318",
                "204107984143582896784219386537746212953",
                "264872528270857522219053662914626293481",
                "188288630128332861733822243320373758869",
                "65415194576104425828998070185581652385"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-50b07dd8",
        "signature_type": "Function",
        "target": {
            "file": "hphp/runtime/ext/sockets/ext_sockets.cpp",
            "function": "set_sockaddr"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "338881536876586480774818660376688941200",
            "length": 1684.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-53c200bd",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/ext/string/ext_string.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "114214535413380827657111370921917589157",
                "166295115478255213267288604808927286413",
                "337198269310718649054343161692561172916",
                "317915948134582992559857764100566724712",
                "121784621892997116464896520427028451293",
                "282721632966562206911603463182427424963",
                "86841137666070060293872126381779423380",
                "234217928977252635265272191783889128469",
                "190620642117225810125904801393647961802",
                "312054837688965834899931816719642490241",
                "208403628995824814588300241064886673109"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-5a1d93de",
        "signature_type": "Function",
        "target": {
            "file": "hphp/runtime/base/mem-file.cpp",
            "function": "MemFile::seek"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "314541514502086594909502835742672930069",
            "length": 475.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-6dda6dfa",
        "signature_type": "Function",
        "target": {
            "file": "hphp/runtime/base/preg.cpp",
            "function": "preg_quote"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "162013863829912412695631272734450231290",
            "length": 1012.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-83453b58",
        "signature_type": "Line",
        "target": {
            "file": "hphp/zend/zend-string.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "117130631625362125374404902761149653631",
                "125298798078659001668954005101248048231",
                "167836213993974169863605019681013660572",
                "37903480730437959663346881426622022383"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-86d1439e",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/base/string-data.h"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "333290057892826519502290583704801516826",
                "215365068172160674663527408582297826115",
                "252015681811295758166469595085168630558",
                "119088290247309757461025657833851018248",
                "176978386035683063105689708198150060024",
                "104283557923542370691859809997828272832",
                "56164276920378947031061153932114021116",
                "216507674827227588492169669836731629255",
                "53259819309648313019060275724754351450"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-89fb8489",
        "signature_type": "Function",
        "target": {
            "file": "hphp/runtime/ext/std/ext_std_file.cpp",
            "function": "HHVM_FUNCTION"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "217044411193589900381965166043782856433",
            "length": 333.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-8a5fd792",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/ext/std/ext_std_variable.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "227197025776611435514766817439232030137",
                "174952894475033226474115065298911332907",
                "325448924024253330791240800257927446436",
                "59671149537358873089492004686217150438"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-8bd6bf51",
        "signature_type": "Function",
        "target": {
            "file": "hphp/runtime/ext/openssl/ext_openssl.cpp",
            "function": "php_openssl_validate_iv"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "207186935421098775552186413868622146095",
            "length": 1362.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-911fdc0e",
        "signature_type": "Function",
        "target": {
            "file": "hphp/runtime/ext/gd/ext_gd.cpp",
            "function": "exif_scan_thumbnail"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "107425036347634382386286559800922147507",
            "length": 1489.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-95fd63f4",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/ext/gd/ext_gd.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "86123253390548430014955761452902441997",
                "13395083059725272318110847968045779259",
                "136946500579005801278905764052415299022",
                "283277984047822783910215500634658118267"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-9da50a37",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/ext/hotprofiler/ext_hotprofiler.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "221592429873641936563789543946763563006",
                "245451832070687772359604727911701553008",
                "228521589752481566764354099713019208731",
                "183978219758900438130298324102932782776",
                "191839459069608202444315019199469932319"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-a92165c0",
        "signature_type": "Function",
        "target": {
            "file": "hphp/zend/zend-string.cpp",
            "function": "string_crypt"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "52270545854423910183742541675818099261",
            "length": 1248.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-aab60d96",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/base/mem-file.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "219857856471235800012758232502943627612",
                "137667947755400408435804497523262929306",
                "56695284754312515472465646385896999775",
                "216187944922495862211881139387225232251",
                "219160560747905232329640264250853592184",
                "54215737003012961490915006855427372953",
                "29160505852404966018030665353246220426",
                "9612036663886797900471451913979649811",
                "62155960225799311080762397549651285278",
                "86689430647256623514877626072168510254",
                "320070862510210793396826140287213866872",
                "49761466243874919102024482677753470234",
                "252669099177066870612737689260621765665",
                "116038890695993745273448139430389513470",
                "302943200745199608941564143009873101291",
                "306799779193331431480469267109861405375",
                "228056120120562193132405196785197336669",
                "138933897981826006145480333627071247898",
                "138231817352315536210436142802194263230",
                "208407771966282604764043928381662435163",
                "154480876639212000885689185175688437135",
                "200488752926009469948593647635974998486",
                "168929408749433411094642285338451982116"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-ae7f78d4",
        "signature_type": "Function",
        "target": {
            "file": "hphp/zend/zend-printf.cpp",
            "function": "xbuf_format_converter"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "217250058036648036535232800122396379162",
            "length": 8928.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-b0070254",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/ext/strobelight/ext_strobelight.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "260096582061990730330363101661648644871",
                "150198613823513126491149361350745555265",
                "38105548737676174370535952898540824332",
                "77089879582412974470355498851374418055",
                "15989230918217611380711886914667120172",
                "24284486158588787720896808881602396509",
                "336757619118931825620929809654413497511",
                "34017466872114901847639814619157993410",
                "200260975984477698812740055800077654347",
                "63545619553949581245797495697591808928",
                "3632982811553897978420145565613861743",
                "120702287628377252208372642198353064883",
                "221075618042127030691721178192397648914"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-b79b54d8",
        "signature_type": "Function",
        "target": {
            "file": "hphp/runtime/base/mem-file.cpp",
            "function": "MemFile::readImpl"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "250237686805717754445906545827012823606",
            "length": 305.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-c0718158",
        "signature_type": "Function",
        "target": {
            "file": "hphp/runtime/ext/std/ext_std_variable.cpp",
            "function": "serialize_impl"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "156299978203498550410542270101007751179",
            "length": 1699.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-c1b0da8a",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/version.h"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "129666091655412664526895204061347000056",
                "160016981209223430753633911542719325687",
                "113334605668934533256516010032469343227",
                "140335216194151808759673220052749435881"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/79a132194e1b4c1d7cb374b7b8a2bb74f11d08bf"
    },
    {
        "id": "CVE-2020-1921-c3c2f978",
        "signature_type": "Function",
        "target": {
            "file": "hphp/runtime/ext/mcrypt/ext_mcrypt.cpp",
            "function": "HHVM_FUNCTION"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "123380983931980390839885825242088741216",
            "length": 1359.0
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-ca24a28b",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/ext/mcrypt/ext_mcrypt.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "135676760673253630310053021287554103737",
                "119531440130351790625844054738874178693",
                "115118795547407335264870985338694295345",
                "235473432894776477757842301961081402286",
                "143655116076381834396121867659166786365",
                "67026642171641261079216677483145309843",
                "97275219169922431683044824938330710868",
                "302553828547393267656080924960720710030",
                "59281161923763100689253095717394587054",
                "269733743008787278976697727577692347825",
                "22973653431157145227535255728237701278"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-da3739ee",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/ext/openssl/ext_openssl.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "37648826774284908189737564661752836324",
                "97647651131215823960451468592672760575",
                "157826719057088166832224280447011075834",
                "225944074265128732638647907294734482048",
                "311426279424550442740033440540211577085",
                "179355305665490242313511320346907108229",
                "198546124864446988299924336789920909525",
                "131652704644437823079847276337017044138"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-e6d9f43d",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/base/type-string.h"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "112036728586050989651194236826169055871",
                "41703590745587016313536149349570208870",
                "41093288957220018556014819069198117056",
                "193420672164350432607563479837135923061",
                "78824073045334487111077191584931966177",
                "335199195309132817406621886071998957420",
                "117791152848002612914966874369007423248",
                "22303256314802928453100212163463620980",
                "12799570867735480123962618480897108900",
                "310817599639488063812638205226588496146",
                "81064550782676310263356156199337957839",
                "226862356007425700031441198024498831612"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-ebdc03fd",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/base/preg.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "231544693829570069917217025785122379754",
                "48854572171412557768836237377339709298",
                "248815804019804088593315192906474727399"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca"
    },
    {
        "id": "CVE-2020-1921-f49b6833",
        "signature_type": "Line",
        "target": {
            "file": "hphp/runtime/version.h"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "113046116321680617747245693795541230100",
                "144308374999532882378444052369408126281",
                "113334605668934533256516010032469343227",
                "140335216194151808759673220052749435881"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/facebook/hhvm/commit/f1dfafe82316eb0cb9b4c430dc2949a18296fd1b"
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1921.json"