HHVM versions prior to 3.30.10 Memory Buffer Overflow Vulnerability 


HHVM versions prior to 3.30.10 suffer from a memory buffer overflow vulnerability.


The information has been provided by the vendor.

The original article can be found at: https://hhvm.com/blog/2019/09/25/security-update.html



Insufficient boundary checks when formatting numbers in number_format allow read/write access to out-of-bounds memory, potentially leading to remote code execution.

Vulnerable Systems: 

 HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0.
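
To check an inventory against the version list above, the following added example (not part of the vendor advisory) classifies a version string. It assumes "between A and B" includes both endpoints, and the host names and banner strings in the sample inventory are constructed.

```python
import re

# Affected versions as listed in this advisory. Treating "between A and B" as
# inclusive of both endpoints is an assumption; the page does not say.
AFFECTED_RANGES = [
    ((4, 0, 0), (4, 8, 5)),
    ((4, 9, 0), (4, 18, 2)),
]
AFFECTED_EXACT = {
    (4, 19, 0), (4, 19, 1), (4, 20, 0), (4, 20, 1),
    (4, 20, 2), (4, 21, 0), (4, 22, 0), (4, 23, 0),
}
FIRST_UNAFFECTED_3X = (3, 30, 10)  # everything "prior to 3.30.10" is affected

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first X.Y.Z triple in a version string or banner as ints."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no X.Y.Z version found in {text!r}")
    # Integer tuples compare numerically, so 3.30.9 < 3.30.10; comparing the
    # raw strings would order them the wrong way round.
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """True if the version falls in a range this advisory lists as vulnerable."""
    version = parse_version(text)
    if version < FIRST_UNAFFECTED_3X:
        return True
    if any(low <= version <= high for low, high in AFFECTED_RANGES):
        return True
    return version in AFFECTED_EXACT


if __name__ == "__main__":
    # Constructed inventory: host names and version strings are made up.
    inventory = {
        "web-01": "HipHop VM 3.30.9 (rel)",
        "web-02": "HipHop VM 3.30.10 (rel)",
        "web-03": "4.8.5",
        "web-04": "4.23.1",
    }
    for host, banner in inventory.items():
        status = "AFFECTED" if is_affected(banner) else "not listed"
        print(f"{host}: {banner!r} -> {status}")
```

A "not listed" result means only that the version is absent from this advisory's list, not that the build is free of other issues.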

CVE Information:


Disclosure Timeline:

Published Date: 10/02/2019