Mark Williams

4 exploits Active since Jun 2019
CVE-2019-12387 WRITEUP MEDIUM WRITEUP
Twisted < 19.2.1 - HTTP Request Smuggling via CRLF Injection
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
CVSS 6.1
CVE-2020-1888 WRITEUP HIGH WRITEUP
HHVM < 4.8.7 - Denial of Service via JSON Decoding Out-of-Bounds Read
Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
CVSS 7.5
CVE-2020-1892 WRITEUP HIGH WRITEUP
HHVM < 4.8.7 - Out-of-bounds Read in JSON Parser
Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
CVSS 8.1
CVE-2020-1893 WRITEUP HIGH WRITEUP
HHVM < 4.8.7 - Denial of Service via JSON Decoding Out-of-Bounds Read
Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7.
CVSS 7.5