CVE-2020-1918

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-127
View all →

Vulnerability Description

In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.

Related Vulnerabilities

CVE-2020-5360

HIGH
CVSS:7.5(High)

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in...

CWE-1272020

CVE-2024-10395

HIGH
CVSS:8.6(High)

No proper validation of the length of user input in http_server_get_content_type_from_extension.

CWE-1272024

CVE-2025-32050

MEDIUM
CVSS:5.9(Medium)

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

CWE-1272025

CVE-2024-10395

HIGH
CVSS:8.6(High)

No proper validation of the length of user input in http_server_get_content_type_from_extension.

CWE-1272024

CVE-2020-5360

HIGH
CVSS:7.5(High)

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in...

CWE-1272020

CVE-2025-32050

MEDIUM
CVSS:5.9(Medium)

A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.

CWE-1272025