7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.035 Low
EPSS
Percentile
91.6%
An invalid free in mb_detect_order can cause the application to crash or
potentially result in remote code execution. This issue affects HHVM
versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all
versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0,
4.27.0, 4.28.0, and 4.28.1.
github.com/facebook/hhvm/commit/524d2e60cfe910406ec6109e4286d7edd545ab36
hhvm.com/blog/2019/10/28/security-update.html
launchpad.net/bugs/cve/CVE-2019-11930
nvd.nist.gov/vuln/detail/CVE-2019-11930
security-tracker.debian.org/tracker/CVE-2019-11930
www.cve.org/CVERecord?id=CVE-2019-11930
www.facebook.com/security/advisories/cve-2019-11930
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.035 Low
EPSS
Percentile
91.6%