CVE-2019-11936 | SynScan

Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2019-11936

Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.

Published: Dec 4, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-11936
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
facebook / hhvm	4.0.0	4.8.5.x
facebook / hhvm	-	3.30.12
facebook / hhvm	4.9.0	4.23.1.x
facebook / hhvm	4.24.0	4.24.0.x
facebook / hhvm	4.25.0	4.25.0.x
facebook / hhvm	4.26.0	4.26.0.x
facebook / hhvm	4.27.0	4.27.0.x
facebook / hhvm	4.28.0	4.28.0.x
facebook / hhvm	4.28.1	4.28.1.x