CVE-2019-11930
N/A
N/A
Summary
An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HHVM | 4.28.2 | affected | |
| HHVM | 4.28.0 < unspecified | affected | |
| HHVM | 4.27.1 | affected | |
| HHVM | 4.27.0 < unspecified | affected | |
| HHVM | 4.26.1 | affected | |
| HHVM | 4.26.0 < unspecified | affected | |
| HHVM | 4.25.1 | affected | |
| HHVM | 4.25.0 < unspecified | affected | |
| HHVM | 4.24.1 | affected | |
| HHVM | 4.24.0 < unspecified | affected | |
| HHVM | 4.23.2 | affected | |
| HHVM | 4.9.0 < unspecified | affected | |
| HHVM | 4.8.6 | affected | |
| HHVM | 4.0.0 < unspecified | affected | |
| HHVM | 3.30.12 | affected | |
| HHVM | unspecified < 3.30.12 | affected |
Weaknesses
- CWE-763: CWE-763: Release of Invalid Pointer or Reference
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/facebook/hhvm/commit/524d2e60cfe910406ec6109e4286d7edd545ab36
- https://hhvm.com/blog/2019/10/28/security-update.html
- https://www.facebook.com/security/advisories/cve-2019-11930
References
- https://github.com/facebook/hhvm/commit/524d2e60cfe910406ec6109e4286d7edd545ab36
- https://hhvm.com/blog/2019/10/28/security-update.html
- https://www.facebook.com/security/advisories/cve-2019-11930
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.