15 matches found
CVE-2019-11929
Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and...
CVE-2019-11929
CVE-2019-11929 affects HHVM. The issue is insufficient boundary checks when formatting numbers in number_format, enabling read/write access to out-of-bounds memory and potentially remote code execution. Affected HHVM versions include those prior to 3.30.10, and all 4.x releases up to 4.23.0 (specifical...
Heap overflow
The function number_format is vulnerable to a heap overflow issue when its second argument $dec_points is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all...
CVE-2018-6345
The function number_format is vulnerable to a heap overflow issue when its second argument $dec_points is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all...
CVE-2018-6345
The CVE-2018-6345 entry concerns Facebook HHVM’s number_format function. Concrete details from connected sources show a heap overflow in number_format when the second argument ($dec_points) is excessively large, affecting all supported HHVM versions up to 3.30.1 and 3.27.5 and earlier. The underl...
PHP 5.6.x < 5.6.27 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.27. It is, therefore, affected by multiple vulnerabilities: - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML function within file ext/simplexml/simplexml.c. An unauthenticate...
Tenable SecurityCenter PHP < 5.6.27 Multiple Vulnerabilities
The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP: - A use-after-free error exists in the unserialize function that allows an unauthenticated, remote attacker to...
Internet Bug Bounty: Memory corruption due to missing check size in _php_math_number_format_ex()
The fix for this bug has been committed: https://bugs.php.net/bug.php?id=73424 Description: I have found some vulnerable code in the _php_math_number_format_ex function. The _php_math_number_format_ex function is an internal function which is called from the number_format function. number_format function...
Internet Bug Bounty: Write out-of-bounds at number_format
Upstream Bug: https://bugs.php.net/bug.php?id=73240 Summary: When the number_format function receives a decimals parameter and dec_point length parameter equal or close to 0x7fffffff, an integer overflow occurs in the reslen variable, which causes a write heap overflow. USE_ZEND_ALLOC=0...