CVE-2020-1899

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-822
View all →

Vulnerability Description

The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.

Related Vulnerabilities

CVE-2017-12719

HIGH
CVSS:7.5(High)

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program caus...

CWE-8222017

CVE-2017-16728

HIGH
CVSS:7.5(High)

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid...

CWE-8222017

CVE-2023-21677

HIGH
CVSS:7.5(High)

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CWE-8222023

CVE-2024-23136

HIGH
CVSS:7.5(High)

A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could...

CWE-8222024

CVE-2024-26254

HIGH
CVSS:7.5(High)

Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability

CWE-8222024