Buffer Under-read

CVE-2020-1918

High

7.5/10

Summary

In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-127 - Buffer Under-read

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.

References

Advisory Timeline

Published Mar 10, 2021

Buffer Under-read

CVE-2020-1918

Summary

CWE-127 - Buffer Under-read

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS