PT-2019-12572 · Facebook · Hhvm
Published
2019-12-04
·
Updated
2021-09-14
·
CVE-2019-11936
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
HHVM versions prior to 3.30.12
HHVM versions 4.0.0 through 4.8.5
HHVM versions 4.9.0 through 4.23.1
HHVM versions 4.24.0 through 4.28.1
Description
The issue arises from various APC functions accepting keys with null bytes as input, resulting in premature truncation of input.
Recommendations
For versions prior to 3.30.12, update to version 3.30.12 or later.
For versions 4.0.0 through 4.8.5, update to a version outside of this range.
For versions 4.9.0 through 4.23.1, update to a version outside of this range.
For versions 4.24.0 through 4.28.1, update to a version later than 4.28.1.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hhvm