9.8

CVE-2019-11929

Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FacebookHhvm Version < 3.30.10
FacebookHhvm Version >= 4.0.0 <= 4.8.5
FacebookHhvm Version >= 4.9.0 <= 4.18.2
FacebookHhvm Version4.19.0
FacebookHhvm Version4.19.1
FacebookHhvm Version4.20.0
FacebookHhvm Version4.20.1
FacebookHhvm Version4.20.2
FacebookHhvm Version4.21.0
FacebookHhvm Version4.22.0
FacebookHhvm Version4.23.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.03% 0.893
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692
Patch
Third Party Advisory
https://hhvm.com/blog/2019/09/25/security-update.html
Vendor Advisory
https://www.facebook.com/security/advisories/cve-2019-11929
Third Party Advisory