CVE-2019-11936

EPSS 1.5%CWE-626

Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.

Productos afectados

Facebook · HHVM

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373 https://hhvm.com/blog/2019/10/28/security-update.html https://www.facebook.com/security/advisories/cve-2019-11936