How severe is CVE-2019-11929?

CVE-2019-11929 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2019-11929

Name: hhvm
Author: facebook

9.8CRITICAL

Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions p

公開日: 10/2/2019更新日: 11/21/2024

説明

Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0.

AI分析AIによる分析

影響を受ける製品

facebookhhvm

4.19.0

facebookhhvm

4.19.1

facebookhhvm

4.20.0

facebookhhvm

4.20.1

facebookhhvm

4.20.2

facebookhhvm

4.21.0

facebookhhvm

4.22.0

facebookhhvm

4.23.0

参照

https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692
PatchThird Party Advisory
https://hhvm.com/blog/2019/09/25/security-update.html
Vendor Advisory
https://www.facebook.com/security/advisories/cve-2019-11929
Third Party Advisory
https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692
PatchThird Party Advisory
https://hhvm.com/blog/2019/09/25/security-update.html
Vendor Advisory
https://www.facebook.com/security/advisories/cve-2019-11929
Third Party Advisory