Vulnerability Description
Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hhvm | < 3.30.12 |
Related Weaknesses (CWE)
References
- https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7PatchThird Party Advisory
- https://hhvm.com/blog/2019/10/28/security-update.htmlVendor Advisory
- https://www.facebook.com/security/advisories/cve-2019-11935Vendor Advisory
- https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7PatchThird Party Advisory
- https://hhvm.com/blog/2019/10/28/security-update.htmlVendor Advisory
- https://www.facebook.com/security/advisories/cve-2019-11935Vendor Advisory
FAQ
What is CVE-2019-11935?
CVE-2019-11935 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5,...
How severe is CVE-2019-11935?
CVE-2019-11935 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-11935?
Check the references section above for vendor advisories and patch information. Affected products include: Facebook Hhvm.