CVE-2019-3561

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
29/04/2019
Last modified:
09/10/2019

Description

Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below).

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:* 3.27.7 (including)
cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:* 3.28.0 (including) 3.30.4 (including)
cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:* 4.0.0 (including) 4.0.3 (including)