
15 matches found

RedhatCVE
added 2026/01/09 10:9 a.m., 5 views

CVE-2019-11929

Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and...

CVSS: 9.8, AI score: 7.7, EPSS: 0.04726
Exploits: 0, References: 1
NVD
added 2019/10/02 7:15 p.m., 14 views

CVE-2019-11929

Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and...

CVSS: 9.8, AI score: 9.8, EPSS: 0.04726
Exploits: 0, References: 3
OSV
added 2019/10/02 7:15 p.m., 13 views

CVE-2019-11929

Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and...

CVSS: 9.8, AI score: 7.7, EPSS: 0.04726
Exploits: 0, References: 3
CVE
added 2019/10/02 7:7 p.m., 55 views

CVE-2019-11929

CVE-2019-11929 affects HHVM. The issue is insufficient boundary checks when formatting numbers in number_format, enabling read/write access to out-of-bounds memory and potentially remote code execution. Affected HHVM versions include prior to 3.30.10, and all 4.x releases up to 4.23.0 (specifical...

CVSS: 9.8, AI score: 9.7, EPSS: 0.04726
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2019/10/02 7:7 p.m., 15 views

CVE-2019-11929

Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and...

AI score: 9.8, EPSS: 0.04726
Exploits: 0, References: 3
UbuntuCve
added 2019/01/15 10:29 p.m., 20 views

CVE-2018-6345

The function number_format is vulnerable to a heap overflow issue when its second argument $dec_points is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all...

CVSS: 9.8, AI score: 7.1, EPSS: 0.00922
Exploits: 0, References: 3
Prion
added 2019/01/15 10:29 p.m., 13 views

Heap overflow

The function number_format is vulnerable to a heap overflow issue when its second argument $dec_points is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all...

CVSS: 7.5, AI score: 9.4, EPSS: 0.00922
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2019/01/15 10:29 p.m., 13 views

CVE-2018-6345

The function number_format is vulnerable to a heap overflow issue when its second argument $dec_points is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all...

CVSS: 9.8, AI score: 9.6, EPSS: 0.00922
Exploits: 0, References: 2
Cvelist
added 2019/01/15 10:0 p.m., 16 views

CVE-2018-6345

The function number_format is vulnerable to a heap overflow issue when its second argument $dec_points is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all...

AI score: 9.6, EPSS: 0.00922
Exploits: 0, References: 2
CVE
added 2019/01/15 10:0 p.m., 72 views

CVE-2018-6345

The CVE-2018-6345 entry concerns Facebook HHVM’s number_format function. Concrete details from connected sources show a heap overflow in number_format when the second argument ($dec_points) is excessively large, affecting all supported HHVM versions up to 3.30.1 and 3.27.5 and earlier. The underl...

CVSS: 9.8, AI score: 9.5, EPSS: 0.00922
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2019/01/09 12:0 a.m., 14 views

PHP 5.6.x < 5.6.27 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.27. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML function within file ext/simplexml/simplexml.c. An unauthenticate...

AI score: 8.4
Exploits: 0, References: 1
Tenable Nessus
added 2017/06/26 12:0 a.m., 66 views

Tenable SecurityCenter PHP < 5.6.27 Multiple Vulnerabilities

The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP : - A use-after-free error exists in the unserialize function that allows an unauthenticated, remote attacker to...

CVSS: 9.8, AI score: 8.8, EPSS: 0.00942
Exploits: 1, References: 2
Hacker One
added 2016/11/07 4:7 a.m., 30 views

Internet Bug Bounty: Memory corruption due to missing check size in _php_math_number_format_ex()

The fix for this bug has been committed: https://bugs.php.net/bug.php?id=73424 Description: I have found some vulnerable code at _php_math_number_format_ex function. _php_math_number_format_ex function is an internal function which is called from number_format function. number_format function...

AI score: 7.1
Exploits: 0
Tenable Nessus
added 2016/10/18 12:0 a.m., 229 views

PHP 5.6.x < 5.6.27 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.27. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML function within file ext/simplexml/simplexml.c. An unauthenticate...

AI score: 6.5
Exploits: 0, References: 1
Hacker One
added 2016/10/12 6:41 a.m., 22 views

Internet Bug Bounty: Write out-of-bounds at number_format

Upstream Bug: https://bugs.php.net/bug.php?id=73240 Summary: When the number_format function receives decimals parameter and dec_point length parameter equal or close to 0x7fffffff, integer overflow occurs in reslen variable, this causes a write heap overflow. USE_ZEND_ALLOC=0...

AI score: 7.3
Exploits: 0