PT-2019-16606 · Facebook · Hhvm
Publicado
2019-01-15
·
Atualizado
2019-10-09
·
CVE-2019-3557
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
HHVM versions 3.30 and 3.27.4 and below
Description
The issue is related to the improper implementation of readImpl functions in streams for bz2 and php://output, which consistently returned -1. This caused certain stream functions, such as stream get line, to trigger an out-of-bounds read when operating on malformed streams. The implementations were updated to return valid values consistently.
Recommendations
For HHVM versions 3.30 and 3.27.4 and below, update the implementations of streams for bz2 and php://output to return valid values consistently to prevent out-of-bounds reads.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Hhvm