How severe is CVE-2019-11929?

CVE-2019-11929 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2019-11929

Name: hhvm
Author: facebook

9.8CRITICAL

Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions p

Published: 10/2/2019Updated: 11/21/2024

Description

Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0.

AI AnalysisPowered by AI

Affected Products

facebookhhvm

4.19.0

facebookhhvm

4.19.1

facebookhhvm

4.20.0

facebookhhvm

4.20.1

facebookhhvm

4.20.2

facebookhhvm

4.21.0

facebookhhvm

4.22.0

facebookhhvm

4.23.0

References

https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692
PatchThird Party Advisory
https://hhvm.com/blog/2019/09/25/security-update.html
Vendor Advisory
https://www.facebook.com/security/advisories/cve-2019-11929
Third Party Advisory
https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692
PatchThird Party Advisory
https://hhvm.com/blog/2019/09/25/security-update.html
Vendor Advisory
https://www.facebook.com/security/advisories/cve-2019-11929
Third Party Advisory