CVE-2019-3561
N/A
N/A
Summary
Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HHVM | 4.0.4 | affected | |
| HHVM | 4.0.0 < unspecified | affected | |
| HHVM | 3.30.5 | affected | |
| HHVM | 3.30.0 < unspecified | affected | |
| HHVM | 3.27.8 | affected | |
| HHVM | unspecified < 3.27.8 | affected |
Weaknesses
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/facebook/hhvm/commit/46003b4ab564b2abcd8470035fc324fe36aa8c75
- https://hhvm.com/blog/2019/04/03/hhvm-4.0.4.html
References
- https://github.com/facebook/hhvm/commit/46003b4ab564b2abcd8470035fc324fe36aa8c75
- https://hhvm.com/blog/2019/04/03/hhvm-4.0.4.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.