CVE-2019-11929

Name of the Vulnerable Software and Affected Versions HHVM versions prior to 3.30.10 HHVM versions 4.0.0 through 4.8.5 HHVM versions 4.9.0 through 4.18.2 HHVM versions 4.19.0 through 4.19.1 HHVM versions 4.20.0 through 4.20.2 HHVM version 4.21.0 HHVM version 4.22.0 HHVM version 4.23.0

Description The issue is caused by insufficient boundary checks when formatting numbers in the number format function, allowing read/write access to out-of-bounds memory. This could potentially lead to remote code execution.

Recommendations For HHVM versions prior to 3.30.10, update to version 3.30.10 or later. For HHVM versions 4.0.0 through 4.8.5, update to a version outside of this range. For HHVM versions 4.9.0 through 4.18.2, update to a version outside of this range. For HHVM versions 4.19.0 through 4.19.1, update to version 4.19.2 or later. For HHVM versions 4.20.0 through 4.20.2, update to version 4.20.3 or later. For HHVM version 4.21.0, update to version 4.21.1 or later. For HHVM version 4.22.0, update to version 4.22.1 or later. For HHVM version 4.23.0, update to version 4.23.1 or later.