{
	"CVE_data_meta": {
		"ASSIGNER": "cve-assign@fb.com",
		"DATE_ASSIGNED": "2021-05-04",
		"ID": "CVE-2021-24036",
		"STATE": "PUBLIC"
	},
	"affects": {
		"vendor": {
			"vendor_data": [
				{
					"vendor_name": "Facebook",
					"product": {
						"product_data": [
							{
								"product_name": "folly",
								"version": {
									"version_data": [
										{
											"version_affected": "!>=",
											"version_value": "v2021.07.22.00"
										},
										{
											"version_affected": "<",
											"version_value": "v2021.07.22.00"
										}
									]
								}
							},
							{
								"product_name": "HHVM",
								"version": {
									"version_data": [
										{
											"version_affected": "!>=",
											"version_value": "4.118.2"
										},
										{
											"version_affected": ">=",
											"version_value": "4.118.0"
										},
										{
											"version_affected": "!>=",
											"version_value": "4.117.1"
										},
										{
											"version_affected": "=",
											"version_value": "4.117.0"
										},
										{
											"version_affected": "!>=",
											"version_value": "4.116.1"
										},
										{
											"version_affected": "=",
											"version_value": "4.116.0"
										},
										{
											"version_affected": "!>=",
											"version_value": "4.115.1"
										},
										{
											"version_affected": "=",
											"version_value": "4.115.0"
										},
										{
											"version_affected": "!>=",
											"version_value": "4.114.1"
										},
										{
											"version_affected": "=",
											"version_value": "4.114.0"
										},
										{
											"version_affected": "!>=",
											"version_value": "4.113.1"
										},
										{
											"version_affected": "=",
											"version_value": "4.113.0"
										},
										{
											"version_affected": "!>=",
											"version_value": "4.102.2"
										},
										{
											"version_affected": ">=",
											"version_value": "4.102.0"
										},
										{
											"version_affected": ">=",
											"version_value": "4.81.0"
										},
										{
											"version_affected": "!>=",
											"version_value": "4.80.5"
										},
										{
											"version_affected": "<",
											"version_value": "4.80.5"
										}
									]
								}
							}
						]
					}
				}
			]
		}
	},
	"data_format": "MITRE",
	"data_type": "CVE",
	"data_version": "4.0",
	"description": {
		"description_data": [
			{
				"lang": "eng",
				"value": "Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1."
			}
		]
	},
	"problemtype": {
		"problemtype_data": [
			{
				"description": [
					{
						"lang": "eng",
						"value": "Heap-based Buffer Overflow (CWE-122)"
					}
				]
			}
		]
	},
	"references": {
		"reference_data": [
			{
				"refsource": "CONFIRM",
				"name": "https://hhvm.com/blog/2021/07/20/security-update.html",
				"url": "https://hhvm.com/blog/2021/07/20/security-update.html"
			},
			{
				"refsource": "MISC",
				"name": "https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3",
				"url": "https://github.com/facebook/folly/commit/4f304af1411e68851bdd00ef6140e9de4616f7d3"
			},
			{
				"refsource": "CONFIRM",
				"name": "https://www.facebook.com/security/advisories/cve-2021-24036",
				"url": "https://www.facebook.com/security/advisories/cve-2021-24036"
			}
		]
	}
}