CVE-2021-24036

9.8 CRITICAL

📋 TL;DR

This CVE describes an integer overflow vulnerability in Facebook's folly library that affects HHVM. An attacker who controls the size passed when creating an IOBuf can cause heap corruption that could lead to remote code execution. The affected folly and HHVM versions are listed below, as detailed in the advisory.

💻 Affected Systems

Products:
  • folly
  • HHVM
Versions:
  • folly: prior to v2021.07.22.00
  • HHVM: prior to 4.80.5; 4.81.0-4.102.1; 4.103.0-4.113.0; and the specific releases 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0, 4.118.1
Operating Systems: All platforms running affected software
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using affected versions of folly or HHVM is vulnerable by default when processing untrusted input.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with full system compromise, allowing an attacker to execute arbitrary code on affected systems.

🟠 Likely Case: Denial of service through application crashes, or potential remote code execution in vulnerable configurations.

🟢 If Mitigated: Limited impact if proper network segmentation and least-privilege principles are applied, though the risk remains significant.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

The vulnerability requires attacker-controlled input, but its high CVSS score indicates significant exploit potential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: folly v2021.07.22.00; HHVM: 4.80.5, 4.102.2, 4.113.1, 4.119.0

Vendor Advisory: https://www.facebook.com/security/advisories/cve-2021-24036

Restart Required: Yes

Instructions:

1. Update folly to v2021.07.22.00 or later.
2. Update HHVM to a patched version: 4.80.5, 4.102.2, 4.113.1, or 4.119.0.
3. Restart affected services after patching.

🔧 Temporary Workarounds

Input validation (applies to: all): Implement strict input validation for size parameters passed to IOBuf creation functions.

🧯 If You Can't Patch

  • Implement network segmentation to isolate affected systems from untrusted networks
  • Apply strict input validation and sanitization for all user-controlled parameters

🔍 How to Verify

Check if Vulnerable:

Check the folly version: grep -r 'FOLLY_VERSION' /path/to/folly/
Or check the HHVM version: hhvm --version

Check Version:

hhvm --version

Verify Fix Applied:

Verify the installed versions: folly >= v2021.07.22.00, and an HHVM version that is not in any of the affected ranges listed above.
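A shell helper, added here and not part of the advisory, that classifies an HHVM version string against the affected ranges listed above. It assumes `hhvm --version` begins with a line like `HipHop VM 4.102.1 (rel)`; that output format is an assumption, not something the advisory states.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify an HHVM version string
# against the affected ranges listed on this page. Versions are compared
# numerically as MAJOR.MINOR.PATCH.

# vercmp A B -> prints -1, 0 or 1 for A < B, A = B, A > B
vercmp() {
  IFS=. read -r a1 a2 a3 <<EOF
$1
EOF
  IFS=. read -r b1 b2 b3 <<EOF
$2
EOF
  for pair in "${a1:-0}:${b1:-0}" "${a2:-0}:${b2:-0}" "${a3:-0}:${b3:-0}"; do
    x=${pair%%:*}; y=${pair##*:}
    [ "$x" -lt "$y" ] && { printf '%s\n' -1; return; }
    [ "$x" -gt "$y" ] && { printf '%s\n' 1; return; }
  done
  printf '%s\n' 0
}

# in_range V LO HI -> succeeds when LO <= V <= HI
in_range() {
  [ "$(vercmp "$1" "$2")" -ge 0 ] && [ "$(vercmp "$1" "$3")" -le 0 ]
}

# hhvm_status VERSION -> prints "vulnerable" or "fixed"
# Affected per the advisory: < 4.80.5, 4.81.0-4.102.1, 4.103.0-4.113.0, and
# the six individually listed 4.114.0-4.118.1 releases; anything else is fixed.
hhvm_status() {
  case "$1" in
    4.114.0|4.115.0|4.116.0|4.117.0|4.118.0|4.118.1) echo vulnerable; return ;;
  esac
  if [ "$(vercmp "$1" 4.80.5)" -lt 0 ] \
     || in_range "$1" 4.81.0 4.102.1 \
     || in_range "$1" 4.103.0 4.113.0; then
    echo vulnerable
  else
    echo fixed
  fi
}

# hhvm_version_from_output TEXT -> first MAJOR.MINOR.PATCH on the first line.
# Assumption: `hhvm --version` starts with a line like "HipHop VM 4.102.1 (rel)".
hhvm_version_from_output() {
  printf '%s\n' "$1" | head -n 1 \
    | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Usage against the live binary (only where hhvm is installed):
#   hhvm_status "$(hhvm_version_from_output "$(hhvm --version 2>/dev/null)")"
```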

📡 Detection & Monitoring

Log Indicators:

  • Application crashes
  • Memory corruption errors
  • Unexpected process termination

Network Indicators:

  • Unusual network traffic to HHVM services
  • Exploit attempts targeting specific endpoints

SIEM Query:

source="*hhvm*" AND (event="crash" OR event="segfault" OR event="memory_error")
