PT-2019-12571 · Facebook · Hhvm

Published

2019-12-04

Updated

2019-12-11

CVE-2019-11935

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HHVM versions prior to 3.30.12 HHVM versions 4.0.0 through 4.8.5 HHVM versions 4.9.0 through 4.23.1 HHVM versions 4.24.0 through 4.28.1

Description The issue is caused by insufficient boundary checks when processing a string in the mb ereg replace function, allowing access to out-of-bounds memory.

Recommendations For HHVM versions prior to 3.30.12, update to version 3.30.12 or later. For HHVM versions 4.0.0 through 4.8.5, update to a version outside of this range. For HHVM versions 4.9.0 through 4.23.1, update to a version outside of this range. For HHVM versions 4.24.0 through 4.28.1, update to a version later than 4.28.1. As a temporary workaround, consider restricting the use of the mb ereg replace function until a patch is available.

Fix

Buffer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-125

Related Identifiers

CVE-2019-11935

Affected Products

Hhvm

PT-2019-12571 · Facebook · Hhvm

CVE-2019-11935

Weakness Enumeration

Related Identifiers

Affected Products

References · 8