PT-2019-12572 · Facebook · Hhvm

Publicado

2019-12-04

Atualizado

2021-09-14

CVE-2019-11936

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HHVM versions prior to 3.30.12 HHVM versions 4.0.0 through 4.8.5 HHVM versions 4.9.0 through 4.23.1 HHVM versions 4.24.0 through 4.28.1

Description The issue arises from various APC functions accepting keys with null bytes as input, resulting in premature truncation of input.

Recommendations For versions prior to 3.30.12, update to version 3.30.12 or later. For versions 4.0.0 through 4.8.5, update to a version outside of this range. For versions 4.9.0 through 4.23.1, update to a version outside of this range. For versions 4.24.0 through 4.28.1, update to a version later than 4.28.1.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-626

Identificadores relacionados

CVE-2019-11936

Produtos afetados

Hhvm

PT-2019-12572 · Facebook · Hhvm

CVE-2019-11936

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8