Vulnerability Description
An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hhvm | < 3.30.12 |
Related Weaknesses (CWE)
References
- https://github.com/facebook/hhvm/commit/524d2e60cfe910406ec6109e4286d7edd545ab36Patch
- https://hhvm.com/blog/2019/10/28/security-update.htmlVendor Advisory
- https://www.facebook.com/security/advisories/cve-2019-11930Vendor Advisory
- https://github.com/facebook/hhvm/commit/524d2e60cfe910406ec6109e4286d7edd545ab36Patch
- https://hhvm.com/blog/2019/10/28/security-update.htmlVendor Advisory
- https://www.facebook.com/security/advisories/cve-2019-11930Vendor Advisory
FAQ
What is CVE-2019-11930?
CVE-2019-11930 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and ...
How severe is CVE-2019-11930?
CVE-2019-11930 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-11930?
Check the references section above for vendor advisories and patch information. Affected products include: Facebook Hhvm.