VDB
CVE-2019-11929
CVE-2019-11929
PUBLISHED
Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0.
EPSS 4.73% · 89.6th percentile
Risk Scores
EPSS Score
4.73%
89.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | hhvm | 0, 3.11.0+dfsg-1, 3.11.1+dfsg-1 |
| Ubuntu:18.04:LTS | hhvm | *, 0, * |
Exploit Intelligence
Timeline
- Oct 2, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-11929 third-party-advisory
- https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692 third-party-advisory
- https://hhvm.com/blog/2019/09/25/security-update.html third-party-advisory
- https://www.facebook.com/security/advisories/cve-2019-11929 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-11929 third-party-advisory