Insufficient Boundary Checks in HHVM Leads to Potential Remote Code Execution
CVE-2019-11929
9.8CRITICAL
What is CVE-2019-11929?
The vulnerability in HHVM arises from insufficient boundary checks during number formatting processes in the number_format function. This flaw allows potential attackers to read and write to out-of-bounds memory locations, which could lead to remote code execution. The issue is serious as it affects a range of versions, potentially exposing numerous deployments to exploitations if not updated promptly. Users are advised to upgrade their HHVM installations to the latest versions to mitigate this security risk.
Affected Version(s)
HHVM 4.24.0
HHVM 4.23.2
HHVM 4.23.0