
OOB access in ldap_escape

Moderate
bukka published GHSA-g665-fm4p-vhff Nov 21, 2024

Package

No package listed

Affected versions

< 8.1.31
< 8.2.26
< 8.3.14

Patched versions

8.1.31
8.2.26
8.3.14

Description

Impact

Uncontrolled long string inputs to ldap_escape on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
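The wrap-around behind this class of bug, as an added illustration (not code from PHP or HHVM). It assumes an escaper that expands each escaped byte to a three-character `\XX` sequence and sizes its output buffer before writing. The function names and the `limit` parameter are hypothetical; `limit` stands in for the 32-bit maximum so the check can be exercised on any host.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked 32-bit size math: n_plain bytes copied as-is plus n_esc bytes
 * expanded to "\XX" (3 bytes each). Wraps silently past UINT32_MAX. */
uint32_t out_len_unchecked32(uint32_t n_plain, uint32_t n_esc)
{
    return n_plain + n_esc * 3u;
}

/* Same computation, rejecting any result above `limit`. */
bool out_len_checked(size_t n_plain, size_t n_esc, size_t limit, size_t *out)
{
    if (n_esc > limit / 3 || n_plain > limit - n_esc * 3)
        return false;
    *out = n_plain + n_esc * 3;
    return true;
}

/* Escape each byte flagged in `map` as \XX. Returns a malloc'd, NUL-terminated
 * string, or NULL if the output would exceed `limit` or allocation fails. */
char *escape_checked(const unsigned char *in, size_t in_len,
                     const bool map[256], size_t limit, size_t *out_len)
{
    static const char hex[] = "0123456789abcdef";
    size_t n_esc = 0, len, p = 0;

    for (size_t i = 0; i < in_len; i++)
        n_esc += map[in[i]] ? 1 : 0;
    if (!out_len_checked(in_len - n_esc, n_esc, limit, &len) || len == SIZE_MAX)
        return NULL;

    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < in_len; i++) {
        if (map[in[i]]) {
            out[p++] = '\\';
            out[p++] = hex[in[i] >> 4];
            out[p++] = hex[in[i] & 0x0f];
        } else {
            out[p++] = (char)in[i];
        }
    }
    out[p] = '\0';
    *out_len = len;
    return out;
}
```

With 0x55555556 escaped bytes the unchecked 32-bit sum wraps to 2, so a buffer sized from it would be far smaller than the data written into it; the checked version rejects the same input before any allocation.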

Details

This issue affected HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-1916
Patch: facebook/hhvm@abe0b29

Severity

Moderate

CVE ID

CVE-2024-8932

Weaknesses

No CWEs
