Vulnerability Name: CVE-2019-11935 (CCN-172576)
Assigned: 2019-10-28
Published: 2019-10-28
Updated: 2019-12-11
Summary: Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
CVSS v3 Severity:
    9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
    8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
    5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-120
Vulnerability Consequences: Obtain Information
References:
    Source: MITRE; Type: CNA; CVE-2019-11935
    Source: XF; Type: UNKNOWN; facebook-cve201911935-info-disc(172576)
    Source: CCN; Type: hhvm GIT Repository; Fix buffer overflow in mb_ereg_replace
    Source: CONFIRM; Type: Patch, Third Party Advisory; https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7
    Source: CONFIRM; Type: Vendor Advisory; https://hhvm.com/blog/2019/10/28/security-update.html
    Source: CCN; Type: Facebook Web site; CVE-2019-11935
    Source: CONFIRM; Type: Vendor Advisory; https://www.facebook.com/security/advisories/cve-2019-11935