CVE-2021-24036

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.

Published: Jul 23, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-24036
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
facebook / hhvm	4.81.0	4.102.1.x
facebook / hhvm	4.115.0	4.115.0.x
facebook / hhvm	4.116.0	4.116.0.x
facebook / hhvm	4.117.0	4.117.0.x
facebook / hhvm	-	4.80.5
facebook / hhvm	4.103.0	4.113.0.x
facebook / hhvm	4.114.0	4.114.0.x
facebook / hhvm	4.118.0	4.118.0.x
facebook / hhvm	4.118.1	4.118.1.x
facebook / folly	-	2021.07.22.00

Vulnerability Database

289,871

CVE-2021-24036