Filtered by vendor Facebook
Subscribe
Total
103 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1921 | 1 Facebook | 1 Hhvm | 2021-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||
| CVE-2020-1915 | 1 Facebook | 1 Hermes | 2020-11-02 | 4.3 MEDIUM | 7.5 HIGH |
| An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2019-11922 | 1 Facebook | 1 Zstandard | 2020-10-20 | 6.8 MEDIUM | 8.1 HIGH |
| A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. | |||||
| CVE-2020-1914 | 1 Facebook | 1 Hermes | 2020-10-20 | 7.5 HIGH | 9.8 CRITICAL |
| A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2019-3563 | 1 Facebook | 1 Wangle | 2020-10-16 | 7.5 HIGH | 9.8 CRITICAL |
| Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow. This affects versions of Wangle prior to v2019.04.22.00 | |||||
| CVE-2019-3560 | 1 Facebook | 1 Fizz | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. This issue affected versions of fizz prior to v2019.03.04.00. | |||||
| CVE-2019-3570 | 1 Facebook | 1 Hiphop Virtual Machine | 2020-10-16 | 7.5 HIGH | 9.8 CRITICAL |
| Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. | |||||
| CVE-2019-11930 | 1 Facebook | 1 Hhvm | 2020-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1. | |||||
| CVE-2018-6345 | 1 Facebook | 1 Hhvm | 2020-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below). | |||||
| CVE-2020-1912 | 1 Facebook | 1 Hermes | 2020-09-15 | 6.8 MEDIUM | 8.1 HIGH |
| An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2020-1913 | 1 Facebook | 1 Hermes | 2020-09-15 | 6.8 MEDIUM | 8.1 HIGH |
| An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2020-1911 | 1 Facebook | 1 Hermes | 2020-09-11 | 6.8 MEDIUM | 9.8 CRITICAL |
| A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2019-11924 | 1 Facebook | 1 Fizz | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00. | |||||
| CVE-2019-11923 | 1 Facebook | 1 Mcrouter | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service. | |||||
| CVE-2019-11937 | 1 Facebook | 1 Mcrouter | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service. | |||||
| CVE-2020-1897 | 1 Facebook | 1 Proxygen | 2020-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00. | |||||
| CVE-2020-1895 | 1 Facebook | 1 Instagram | 2020-04-10 | 6.8 MEDIUM | 7.8 HIGH |
| A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128. | |||||
| CVE-2019-11939 | 1 Facebook | 1 Thrift | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. | |||||
| CVE-2019-3553 | 1 Facebook | 1 Thrift | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00. | |||||
| CVE-2019-11938 | 1 Facebook | 1 Thrift | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00. | |||||