Memory Access Vulnerability in HHVM by Facebook
CVE-2019-11935

9.8CRITICAL

Key Information:

Vendor

Facebook

Status
Hhvm
Vendor
CVE Published:
4 December 2019

What is CVE-2019-11935?

This vulnerability occurs due to inadequate boundary checks in the mb_ereg_replace function of HHVM, potentially allowing for out-of-bounds memory access. Attackers may exploit this weakness to manipulate memory in ways that could lead to application instability or app behaviors that compromise security. It's crucial for users to update to the secure versions to mitigate this risk.

Affected Version(s)

HHVM 4.28.2

HHVM 4.28.0

HHVM 4.27.1

References

https://hhvm.com/blog/2019/10/28/security-update.html
x_refsource_CONFIRM
https://github.com/facebook/hhvm/commit/1c518555dba6ceb45...
x_refsource_CONFIRM
https://www.facebook.com/security/advisories/cve-2019-11935
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.