CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.06 Low
Percentile: 93.5%

Insufficient boundary checks when formatting numbers in number_format
allows read/write access to out-of-bounds memory, potentially leading to
remote code execution. This issue affects HHVM versions prior to 3.30.10,
all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and
4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0,
4.22.0, 4.23.0.
github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692
hhvm.com/blog/2019/09/25/security-update.html
launchpad.net/bugs/cve/CVE-2019-11929
nvd.nist.gov/vuln/detail/CVE-2019-11929
security-tracker.debian.org/tracker/CVE-2019-11929
www.cve.org/CVERecord?id=CVE-2019-11929
www.facebook.com/security/advisories/cve-2019-11929