CVE-2019-11935

critical

Description

Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.

References

https://www.facebook.com/security/advisories/cve-2019-11935

https://hhvm.com/blog/2019/10/28/security-update.html

https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7

Details

Source: Mitre, NVD

Published: 2019-12-04

Updated: 2019-12-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00725