First published: Wed Dec 04 2019
Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
Credit: cve-assign@fb.com
Affected Software | Affected Version | How to fix |
---|---|---|
Facebook HHVM | <3.30.12 | |
Facebook HHVM | >=4.0.0, <=4.8.5 | |
Facebook HHVM | >=4.9.0, <=4.23.1 | |
Facebook HHVM | =4.24.0 | |
Facebook HHVM | =4.25.0 | |
Facebook HHVM | =4.26.0 | |
Facebook HHVM | =4.27.0 | |
Facebook HHVM | =4.28.0 | |
Facebook HHVM | =4.28.1 | |
CVE-2019-11935 is rated critical, with a severity value of 9.8.
HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as versions 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1 are affected by CVE-2019-11935.
CVE-2019-11935 is a vulnerability in HHVM that allows access to out-of-bounds memory due to insufficient boundary checks when processing a string in mb_ereg_replace.
To fix CVE-2019-11935, update HHVM to a version that is not affected by the vulnerability.