CVE-2019-11935

Summary

Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.

Affected Software

VendorProductVersion RangeStatus
FacebookHHVM4.28.2affected
FacebookHHVM4.28.0 < unspecifiedaffected
FacebookHHVM4.27.1affected
FacebookHHVM4.27.0 < unspecifiedaffected
FacebookHHVM4.26.1affected
FacebookHHVM4.26.0 < unspecifiedaffected
FacebookHHVM4.25.1affected
FacebookHHVM4.25.0 < unspecifiedaffected
FacebookHHVM4.24.1affected
FacebookHHVM4.24.0 < unspecifiedaffected
FacebookHHVM4.23.2affected
FacebookHHVM4.9.0 < unspecifiedaffected
FacebookHHVM4.8.6affected
FacebookHHVM4.0.0 < unspecifiedaffected
FacebookHHVM3.30.12affected
FacebookHHVMunspecified < 3.30.12affected

Weaknesses

  • CWE-125: CWE-125: Out-of-bounds Read

ADP Enrichment

CVE Program Container

Additional References

References