5 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-3557
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some...
CVE-2025-24374 Twig fixes a security issue where escaping was missing when using null coalesce operator (??)
Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0...
UBUNTU-CVE-2019-3557
The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The implementations wer...
Out-of-bounds
The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The implementations wer...
CVE-2019-3557
CVE-2019-3557 affects HHVM, specifically all supported versions up to 3.30 and 3.27.4 and below. The root cause is improper readImpl implementations for streams backed by bz2 and php://output, which returned -1, causing some stream functions (for example, stream_get_line) to trigger an out-of-bou...