VDB
CVE-2021-24036
CVE-2021-24036
PUBLISHED
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.
EPSS 6.19% · 91.0th percentile
Risk Scores
EPSS Score
6.19%
91.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | hhvm | 0, 3.11.0+dfsg-1, 3.11.1+dfsg-1ubuntu1 |
| Ubuntu:18.04:LTS | hhvm | *, 3.21.0+dfsg-2, 0 |
Exploit Intelligence
Timeline
- Jul 23, 2021 CVE Published
- Jul 23, 2021 EPSS Score
- Sep 20, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 17, 2022 EPSS Score
- Mar 17, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 15, 2022 EPSS Score
- Sep 12, 2022 EPSS Score
- Oct 26, 2022 CVE Updated
- Jan 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-24036 third-party-advisory
- https://hhvm.com/blog/2021/07/20/security-update.html third-party-advisory
- https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3 third-party-advisory
- https://www.facebook.com/security/advisories/cve-2021-24036 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-24036 third-party-advisory