Cyber Resilience

CVE-2021-24036

Critical

Published: 23 July 2021
Modified: 21 November 2024
KEV Added: not listed
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0619 (91.0th percentile)
Risk Priority: 23 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-24036 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Facebook HHVM (via its folly dependency). Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, it ranks in the top 9.0% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

Passing an attacker-controlled size when creating an IOBuf could cause an integer overflow, leading to an out-of-bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. It also affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.

CWE(s)

CWE-122: Heap-based Buffer Overflow

Related Threats

No named threat actor attribution yet. ATT&CK technique mapping is in progress for this CVE.

Affected Assets

facebook / folly: ≤ 2021.07.22.00
facebook / hhvm: ≤ 4.80.5; 4.81.0 to 4.102.1; 4.103.0 to 4.113.0; 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.