HHVM versions prior to 3.30.10 Memory Buffer Overflow Vulnerability 

Summary

HHVM versions prior to 3.30.10 are affected by a memory buffer overflow vulnerability.

Credit:

The information has been provided by the vendor.

The original article can be found at: https://hhvm.com/blog/2019/09/25/security-update.html

 


Details

Insufficient boundary checks when formatting numbers in number_format allow read/write access to out-of-bounds memory, potentially leading to remote code execution.

Vulnerable Systems: 

 HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0.
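To check an inventory against the version list above, the following added example (not code from the vendor or the original advisory) parses reported version strings and flags those in the listed set. It assumes "between A and B" includes both endpoints; the host names and version strings in the sample inventory are constructed.

```python
import re

# Transcribed from the "Vulnerable Systems" list in this advisory.
# Assumption: "between A and B" includes both endpoints.
FIRST_FIXED_3X = (3, 30, 10)            # "prior to 3.30.10"
VULNERABLE_RANGES = [
    ((4, 0, 0), (4, 8, 5)),
    ((4, 9, 0), (4, 18, 2)),
]
VULNERABLE_EXACT = {
    (4, 19, 0), (4, 19, 1),
    (4, 20, 0), (4, 20, 1), (4, 20, 2),
    (4, 21, 0), (4, 22, 0), (4, 23, 0),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return the first MAJOR.MINOR.PATCH triple found in text as ints."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())

def is_affected(version_text):
    """True if the version falls inside the advisory's vulnerable set."""
    version = parse_version(version_text)
    if version < FIRST_FIXED_3X or version in VULNERABLE_EXACT:
        return True
    return any(low <= version <= high for low, high in VULNERABLE_RANGES)

def audit(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(h for h, v in inventory.items() if is_affected(v))

# Constructed inventory: host names and version strings are made up.
SAMPLE_INVENTORY = {
    "web-01": "HipHop VM 3.30.9 (rel)",
    "web-02": "HipHop VM 3.30.10 (rel)",
    "web-03": "HipHop VM 4.8.5 (rel)",
    "web-04": "HipHop VM 4.8.6 (rel)",
    "web-05": "HipHop VM 4.23.0 (rel)",
    "web-06": "HipHop VM 4.23.1 (rel)",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: version listed as vulnerable to CVE-2019-11929")
```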

CVE Information:

CVE-2019-11929

Disclosure Timeline:

Published Date: 10/02/2019