{"id":"CVE-2020-1900","details":"When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.","modified":"2026-02-24T11:34:42.400277Z","published":"2021-03-11T01:15:14.490Z","references":[{"type":"ADVISORY","url":"https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"},{"type":"ADVISORY","url":"https://hhvm.com/blog/2020/06/30/security-update.html"},{"type":"FIX","url":"https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/hhvm","events":[{"introduced":"0"},{"fixed":"c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"},{"introduced":"8df1dd7ead93f50388145dd8d7734a69204b50a7"},{"fixed":"55dc2e1650c1e79e67b7f0ef20e51cd2d504a4bb"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1900.json","vanir_signatures":[{"source":"https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3","deprecated":false,"target":{"file":"hphp/runtime/base/variable-unserializer.cpp"},"id":"CVE-2020-1900-12916571","digest":{"threshold":0.9,"line_hashes":["15087195484119549554939185744270694969","247740747057664256062925961828700856466","5649611835980604045452791483973726846"]},"signature_type":"Line","signature_version":"v1"},{"source":"https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3","deprecated":false,"target":{"file":"hphp/runtime/base/variable-unserializer.cpp","function":"VariableUnserializer::unserializeProp"},"id":"CVE-2020-1900-5aecfeb3","digest":{"function_hash":"150732268746904783890200202889608657611","length":931},"signature_type":"Function","signature_version":"v1"},{"source":"https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3","deprecated":false,"target":{"file":"hphp/runtime/base/object-data.cpp"},"id":"CVE-2020-1900-5bb7a3f3","digest":{"threshold":0.9,"line_hashes":["319370469949607528258900883936558130478","19056843371057609482005153843118411412","224510060117883053613959646770243998371"]},"signature_type":"Line","signature_version":"v1"},{"source":"https://github.com/facebook/hhvm/commit/55dc2e1650c1e79e67b7f0ef20e51cd2d504a4bb","deprecated":false,"target":{"file":"hphp/runtime/version.h"},"id":"CVE-2020-1900-b7606651","digest":{"threshold":0.9,"line_hashes":["331473762518125757472384839031571060902","4158620335537989919269120992316136210","37536044244405383633242229082848527784","140335216194151808759673220052749435881"]},"signature_type":"Line","signature_version":"v1"},{"source":"https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3","deprecated":false,"target":{"file":"hphp/runtime/base/object-data.cpp","function":"ObjectData::reserveProperties"},"id":"CVE-2020-1900-ba56ca6b","digest":{"function_hash":"301093375172016626895894563153915036256","length":202},"signature_type":"Function","signature_version":"v1"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}