{"id":"CVE-2020-1900","details":"When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.","modified":"2026-04-11T09:46:18.676799Z","published":"2021-03-11T01:15:14.490Z","references":[{"type":"ADVISORY","url":"https://hhvm.com/blog/2020/06/30/security-update.html"},{"type":"FIX","url":"https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/hhvm","events":[{"introduced":"0"},{"fixed":"d6af4b525b31c96526b2508642d58dbf5c7d496c"},{"introduced":"8df1dd7ead93f50388145dd8d7734a69204b50a7"},{"fixed":"55dc2e1650c1e79e67b7f0ef20e51cd2d504a4bb"},{"introduced":"0"},{"last_affected":"ce87598e3c65a922a6e25c7119e2446f1fa6a4b6"},{"introduced":"0"},{"last_affected":"e5d9f54178cc971e4343610744bd91092480a508"},{"introduced":"0"},{"last_affected":"175104241963f6ad874ba3a87c44c0c3267e40cb"},{"introduced":"0"},{"last_affected":"cfa9d4ef854b3a0e58bec1f1b44aac9a509d061b"},{"introduced":"0"},{"last_affected":"9886a016c187bdee00d3a865312f58adf57ccec4"},{"introduced":"0"},{"last_affected":"a8569adad0db669eceb81590f3b225bdd50e5ae3"},{"introduced":"0"},{"last_affected":"2fe7d70e6da93772c770dee950542cac80b5bc2f"},{"fixed":"c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.32.3"},{"introduced":"4.33.0"},{"fixed":"4.56.1"},{"introduced":"0"},{"last_affected":"4.57.0"},{"introduced":"0"},{"last_affected":"4.58.0"},{"introduced":"0"},{"last_affected":"4.58.1"},{"introduced":"0"},{"last_affected":"4.59.0"},{"introduced":"0"},{"last_affected":"4.60.0"},{"introduced":"0"},{"last_affected":"4.61.0"},{"introduced":"0"},{"last_affected":"4.62.0"}]}}],"versions":["HHVM-4.32.0","HHVM-4.32.1","HHVM-4.32.2","HHVM-4.56.0","HHVM-4.57.0","HHVM-4.58.0","HHVM-4.58.1","HHVM-4.59.0","HHVM-4.60.0","HHVM-4.61.0","HHVM-4.62.0","HPHP-2.1.0","gcc-4.6","nightly-2019.03.28","nightly-2019.03.29","nightly-2019.03.30","nightly-2019.03.31","nightly-2019.04.01","nightly-2019.04.02","nightly-2019.04.03","nightly-2019.04.04","nightly-2019.04.05","nightly-2019.04.06","nightly-2019.04.07","nightly-2019.04.08","nightly-2019.04.09","nightly-2019.04.10","nightly-2019.04.11","nightly-2019.04.12","nightly-2019.04.13","nightly-2019.04.14","nightly-2019.04.15","nightly-2019.04.16","nightly-2019.04.17","nightly-2019.04.18","nightly-2019.04.19","nightly-2019.04.20","nightly-2019.04.21","nightly-2019.04.22","nightly-2019.04.23","nightly-2019.04.24","nightly-2019.04.25","nightly-2019.04.26","nightly-2019.04.27","nightly-2019.04.28","nightly-2019.04.29","nightly-2019.04.30","nightly-2019.05.01","nightly-2019.05.02","nightly-2019.05.03","nightly-2019.05.04","nightly-2019.05.05","nightly-2019.05.06","nightly-2019.05.07","nightly-2019.05.08","nightly-2019.05.09","nightly-2019.05.10","nightly-2019.05.11","nightly-2019.05.12","nightly-2019.05.13","nightly-2019.05.14","nightly-2019.05.15","nightly-2019.05.16","nightly-2019.05.17","nightly-2019.05.18","nightly-2019.05.19","nightly-2019.05.20","nightly-2019.05.21","nightly-2019.05.22","nightly-2019.05.23","nightly-2019.05.24","nightly-2019.05.25","nightly-2019.05.26","nightly-2019.05.27","nightly-2019.05.28","nightly-2019.05.29","nightly-2019.05.30","nightly-2019.05.31","nightly-2019.06.01","nightly-2019.06.02","nightly-2019.06.03","nightly-2019.06.04","nightly-2019.06.05","nightly-2019.06.06","nightly-2019.06.07","nightly-2019.06.08","nightly-2019.06.09","nightly-2019.06.10","nightly-2019.06.11","nightly-2019.06.12","nightly-2019.06.13","nightly-2019.06.14","nightly-2019.06.15","nightly-2019.06.16","nightly-2019.06.17","nightly-2019.06.18","nightly-2019.06.19","nightly-2019.06.20","nightly-2019.06.21","nightly-2019.06.22","nightly-2019.06.23","nightly-2019.06.24","nightly-2019.06.25","nightly-2019.06.26","nightly-2019.06.27","nightly-2019.06.28","nightly-2019.06.29","nightly-2019.06.30","nightly-2019.07.01","nightly-2019.07.02","nightly-2019.07.03","nightly-2019.07.04","nightly-2019.07.05","nightly-2019.07.06","nightly-2019.07.07","nightly-2019.07.08","nightly-2019.07.09","nightly-2019.07.10","nightly-2019.07.11","nightly-2019.07.12","nightly-2019.07.13","nightly-2019.07.14","nightly-2019.07.15","nightly-2019.07.16","nightly-2019.07.17","nightly-2019.07.18","nightly-2019.07.19","nightly-2019.07.20","nightly-2019.07.21","nightly-2019.07.22","nightly-2019.07.23","nightly-2019.07.24","nightly-2019.07.25","nightly-2019.07.26","nightly-2019.07.27","nightly-2019.07.28","nightly-2019.07.29","nightly-2019.07.30","nightly-2019.07.31","nightly-2019.08.01","nightly-2019.08.02","nightly-2019.08.03","nightly-2019.08.04","nightly-2019.08.05","nightly-2019.08.06","nightly-2019.08.07","nightly-2019.08.08","nightly-2019.08.09","nightly-2019.08.10","nightly-2019.08.11","nightly-2019.08.12","nightly-2019.08.13","nightly-2019.08.14","nightly-2019.08.15","nightly-2019.08.16","nightly-2019.08.17","nightly-2019.08.18","nightly-2019.08.19","nightly-2019.08.20","nightly-2019.08.21","nightly-2019.08.22","nightly-2019.08.23","nightly-2019.08.24","nightly-2019.08.25","nightly-2019.08.26","nightly-2019.08.27","nightly-2019.08.28","nightly-2019.08.29","nightly-2019.08.30","nightly-2019.08.31","nightly-2019.09.01","nightly-2019.09.02","nightly-2019.09.03","nightly-2019.09.04","nightly-2019.09.05","nightly-2019.09.06","nightly-2019.09.07","nightly-2019.09.08","nightly-2019.09.09","nightly-2019.09.10","nightly-2019.09.11","nightly-2019.09.12","nightly-2019.09.13","nightly-2019.09.14","nightly-2019.09.15","nightly-2019.09.16","nightly-2019.09.17","nightly-2019.09.18","nightly-2019.09.19","nightly-2019.09.20","nightly-2019.09.21","nightly-2019.09.22","nightly-2019.09.23","nightly-2019.09.24","nightly-2019.09.25","nightly-2019.09.26","nightly-2019.09.27","nightly-2019.09.28","nightly-2019.09.29","nightly-2019.09.30","nightly-2019.10.01","nightly-2019.10.02","nightly-2019.10.03","nightly-2019.10.04","nightly-2019.10.05","nightly-2019.10.06","nightly-2019.10.07","nightly-2019.10.08","nightly-2019.10.09","nightly-2019.10.10","nightly-2019.10.11","nightly-2019.10.12","nightly-2019.10.13","nightly-2019.10.14","nightly-2019.10.15","nightly-2019.10.16","nightly-2019.10.17","nightly-2019.10.18","nightly-2019.10.19","nightly-2019.10.20","nightly-2019.10.21","nightly-2019.10.22","nightly-2019.10.23","nightly-2019.10.24","nightly-2019.10.25","nightly-2019.10.26","nightly-2019.10.27","nightly-2019.10.28","nightly-2019.10.29","nightly-2019.10.30","nightly-2019.10.31","nightly-2019.11.01","nightly-2019.11.02","nightly-2019.11.03","nightly-2019.11.04","nightly-2019.11.05","nightly-2019.11.06","nightly-2019.11.07","nightly-2019.11.08","nightly-2019.11.09","nightly-2019.11.10","nightly-2019.11.11","nightly-2019.11.12","nightly-2019.11.13","nightly-2019.11.14","nightly-2019.11.15","nightly-2019.11.16","nightly-2019.11.17","nightly-2019.11.18","nightly-2019.11.19","nightly-2019.11.20","nightly-2019.11.21","nightly-2019.11.22","nightly-2019.11.23","nightly-2019.11.24","nightly-2019.11.25","nightly-2019.11.26","nightly-2019.11.27","nightly-2019.11.28","nightly-2019.11.29","nightly-2019.11.30","nightly-2019.12.01","nightly-2019.12.02","nightly-2019.12.03","nightly-2019.12.04","nightly-2019.12.05","nightly-2019.12.06","nightly-2019.12.07","nightly-2019.12.08","nightly-2019.12.09","nightly-2019.12.10","nightly-2019.12.11","nightly-2019.12.12","nightly-2019.12.13","nightly-2019.12.14","nightly-2019.12.15","nightly-2019.12.16","nightly-2019.12.17","nightly-2019.12.18","nightly-2019.12.19","nightly-2019.12.20","nightly-2019.12.21","nightly-2019.12.22","nightly-2019.12.23","nightly-2019.12.24","nightly-2019.12.25","nightly-2019.12.26","nightly-2019.12.27","nightly-2019.12.28","nightly-2019.12.29","nightly-2019.12.30","nightly-2019.12.31","nightly-2020.01.01","nightly-2020.01.02","nightly-2020.01.03","nightly-2020.01.04","nightly-2020.01.05","nightly-2020.01.06","nightly-2020.01.07","nightly-2020.01.08","nightly-2020.01.09","nightly-2020.01.10","nightly-2020.01.11","nightly-2020.01.12","nightly-2020.01.13","nightly-2020.01.14","nightly-2020.01.15","nightly-2020.01.16","nightly-2020.01.17","nightly-2020.01.18","nightly-2020.01.19","nightly-2020.01.20","nightly-2020.01.21","nightly-2020.01.22","nightly-2020.01.23","nightly-2020.01.24","nightly-2020.01.25","nightly-2020.01.26","nightly-2020.01.27","nightly-2020.01.28","nightly-2020.01.29","nightly-2020.01.30","nightly-2020.01.31","nightly-2020.02.01","nightly-2020.02.02","nightly-2020.02.03","nightly-2020.02.04","nightly-2020.02.05","nightly-2020.02.06","nightly-2020.02.07","nightly-2020.02.08","nightly-2020.02.09","nightly-2020.02.10","nightly-2020.02.11","nightly-2020.02.12","nightly-2020.02.13","nightly-2020.02.14","nightly-2020.02.15","nightly-2020.02.16","nightly-2020.02.17","nightly-2020.02.18","nightly-2020.02.19","nightly-2020.02.20","nightly-2020.02.21","nightly-2020.02.22","nightly-2020.02.23","nightly-2020.02.24","nightly-2020.02.25","nightly-2020.02.26","nightly-2020.02.27","nightly-2020.02.28","nightly-2020.02.29","nightly-2020.03.01","nightly-2020.03.02","nightly-2020.03.03","nightly-2020.03.04","nightly-2020.03.05","nightly-2020.03.06","nightly-2020.03.07","nightly-2020.03.08","nightly-2020.03.09","nightly-2020.03.10","nightly-2020.03.11","nightly-2020.03.12","nightly-2020.03.13","nightly-2020.03.14","nightly-2020.03.15","nightly-2020.03.16","nightly-2020.03.17","nightly-2020.03.18","nightly-2020.03.19","nightly-2020.03.20","nightly-2020.03.21","nightly-2020.03.22","nightly-2020.03.23","nightly-2020.03.24","nightly-2020.03.25","nightly-2020.03.26","nightly-2020.03.27","nightly-2020.03.28","nightly-2020.03.29","nightly-2020.03.30","nightly-2020.03.31","nightly-2020.04.01","nightly-2020.04.02","nightly-2020.04.03","nightly-2020.04.04","nightly-2020.04.05","nightly-2020.04.06","nightly-2020.04.07","nightly-2020.04.08","nightly-2020.04.09","nightly-2020.04.10","nightly-2020.04.11","nightly-2020.04.12","nightly-2020.04.13","nightly-2020.04.14","nightly-2020.04.15","nightly-2020.04.16","nightly-2020.04.17","nightly-2020.04.18","nightly-2020.04.19","nightly-2020.04.20","nightly-2020.04.21","nightly-2020.04.22","nightly-2020.04.23","nightly-2020.04.24","nightly-2020.04.25","nightly-2020.04.26","nightly-2020.04.27","nightly-2020.04.28","nightly-2020.04.29","nightly-2020.04.30","nightly-2020.05.01","nightly-2020.05.02","nightly-2020.05.03","nightly-2020.05.04","nightly-2020.05.05","nightly-2020.05.06","nightly-2020.05.07","nightly-2020.05.08","nightly-2020.05.09","nightly-2020.05.10","nightly-2020.05.11","nightly-2020.05.12","nightly-2020.05.13","nightly-2020.05.14","nightly-2020.05.15","nightly-2020.05.16","nightly-2020.05.17","nightly-2020.05.18","nightly-2020.05.19","nightly-2020.05.20","nightly-2020.05.21","nightly-2020.05.22","nightly-2020.05.23","nightly-2020.05.24","nightly-2020.05.25","nightly-2020.05.26","nightly-2020.05.27","nightly-2020.05.28","nightly-2020.05.29","nightly-2020.05.30","nightly-2020.05.31","nightly-2020.06.01","nightly-2020.06.02","nightly-2020.06.03","nightly-2020.06.04","nightly-2020.06.05","nightly-2020.06.06","nightly-2020.06.07","nightly-2020.06.08","nightly-2020.06.09","nightly-2020.06.10","nightly-2020.06.11","nightly-2020.06.12","nightly-2020.06.13","nightly-2020.06.14","nightly-2020.06.15","nightly-2020.06.16","nightly-2020.06.17","nightly-2020.06.18","nightly-2020.06.19","nightly-2020.06.20","nightly-2020.06.21","nightly-2020.06.22","nightly-2020.06.23","nightly-2020.06.24","nightly-2020.06.25","nightly-2020.06.26","nightly-2020.06.27","nightly-2020.06.28","nightly-2020.06.29","nightly-2020.06.30","pre-hhvm","src-hphp"],"database_specific":{"vanir_signatures":[{"deprecated":false,"target":{"file":"hphp/runtime/base/variable-unserializer.cpp"},"id":"CVE-2020-1900-12916571","signature_type":"Line","source":"https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3","signature_version":"v1","digest":{"line_hashes":["15087195484119549554939185744270694969","247740747057664256062925961828700856466","5649611835980604045452791483973726846"],"threshold":0.9}},{"deprecated":false,"target":{"function":"VariableUnserializer::unserializeProp","file":"hphp/runtime/base/variable-unserializer.cpp"},"id":"CVE-2020-1900-5aecfeb3","signature_type":"Function","source":"https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3","signature_version":"v1","digest":{"function_hash":"150732268746904783890200202889608657611","length":931}},{"deprecated":false,"target":{"file":"hphp/runtime/base/object-data.cpp"},"id":"CVE-2020-1900-5bb7a3f3","signature_type":"Line","source":"https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3","signature_version":"v1","digest":{"line_hashes":["319370469949607528258900883936558130478","19056843371057609482005153843118411412","224510060117883053613959646770243998371"],"threshold":0.9}},{"deprecated":false,"target":{"file":"hphp/runtime/version.h"},"id":"CVE-2020-1900-b7606651","signature_type":"Line","source":"https://github.com/facebook/hhvm/commit/55dc2e1650c1e79e67b7f0ef20e51cd2d504a4bb","signature_version":"v1","digest":{"line_hashes":["331473762518125757472384839031571060902","4158620335537989919269120992316136210","37536044244405383633242229082848527784","140335216194151808759673220052749435881"],"threshold":0.9}},{"deprecated":false,"target":{"function":"ObjectData::reserveProperties","file":"hphp/runtime/base/object-data.cpp"},"id":"CVE-2020-1900-ba56ca6b","signature_type":"Function","source":"https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3","signature_version":"v1","digest":{"function_hash":"301093375172016626895894563153915036256","length":202}},{"deprecated":false,"target":{"file":"hphp/runtime/version.h"},"id":"CVE-2020-1900-e22db0a3","signature_type":"Line","source":"https://github.com/facebook/hhvm/commit/d6af4b525b31c96526b2508642d58dbf5c7d496c","signature_version":"v1","digest":{"line_hashes":["286093828909174357221555418457755310879","96311019219661911020751373701839576672","281574740350394436842520560909858709910","140335216194151808759673220052749435881"],"threshold":0.9}}],"vanir_signatures_modified":"2026-04-11T09:46:18Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1900.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}