CVE-2019-11935

Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7	Patch Third Party Advisory
https://hhvm.com/blog/2019/10/28/security-update.html	Vendor Advisory
https://www.facebook.com/security/advisories/cve-2019-11935	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:facebook:hhvm::::::::
	cpe:2.3:a:facebook:hhvm::::::::
	cpe:2.3:a:facebook:hhvm::::::::
	cpe:2.3:a:facebook:hhvm:4.24.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.25.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.26.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.27.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.28.0:::::::*
	cpe:2.3:a:facebook:hhvm:4.28.1:::::::*

History

No history.

Information

Published : 2019-12-04 17:16

Updated : 2023-12-10 13:13

NVD link : CVE-2019-11935

Mitre link : CVE-2019-11935

CVE.ORG link : CVE-2019-11935

JSON object : View

Products Affected

facebook

hhvm

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-125

Out-of-bounds Read

{"id": "CVE-2019-11935", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-12-04T17:16:43.257", "references": [{"url": "https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7", "tags": ["Patch", "Third Party Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://hhvm.com/blog/2019/10/28/security-update.html", "tags": ["Vendor Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://www.facebook.com/security/advisories/cve-2019-11935", "tags": ["Vendor Advisory"], "source": "cve-assign@fb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}, {"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1."}, {"lang": "es", "value": "Las comprobaciones de l\u00edmite insuficientes cuando se procesa una cadena en mb_ereg_replace permiten un acceso a la memoria fuera de l\u00edmites. Este problema afecta HHVM versiones anteriores a la versi\u00f3n 3.30.12, todas las versiones entre 4.0.0 y 4.8.5, todas las versiones entre 4.9.0 y 4.23.1, as\u00ed como las versiones 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0 y 4.28.1."}], "lastModified": "2019-12-11T18:32:37.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8452024-B97D-4B7B-BB28-AC04328E67B2", "versionEndExcluding": "3.30.12"}, {"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47FAA7FF-64A7-451F-A389-6CA4240D7871", "versionEndIncluding": "4.8.5", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12366B66-DE3D-4387-83BC-E01C77393D58", "versionEndIncluding": "4.23.1", "versionStartIncluding": "4.9.0"}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.24.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76F33DEA-0DB2-46B5-82C3-CA75D07C952D"}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.25.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B098BF0-EA28-44FA-A5D0-BDE05C2E9FE8"}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.26.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0950ED00-A5DC-4DA6-906F-CDC03EE2DA5A"}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.27.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D77D46F2-A17B-4CEA-A003-F7952EE3342D"}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.28.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D53212BA-6BF8-4FE2-980C-371D5EF170E5"}, {"criteria": "cpe:2.3:a:facebook:hhvm:4.28.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F182E9B3-838C-4AFA-94B5-77D30098712E"}], "operator": "OR"}]}], "sourceIdentifier": "cve-assign@fb.com"}