CVE-2021-24025 Vulnerability Details

  /     /     /  

CVE-2021-24025 Metadata Quick Info

CVE Published: 10/03/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: facebook | Vendor: Facebook | Product: HHVM
Status : PUBLISHED

---

CVE-2021-24025 Description

Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-122
CWE Name: Heap-based Buffer Overflow (CWE-122)
Source: Facebook

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).