Vulnerability Database

314,433

Total vulnerabilities in the database

CVE-2019-3561

Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below).

Published: Apr 29, 2019
Updated: Nov 9, 2025
CVE: CVE-2019-3561
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-125
CWE-119

Affected Software
References

Software	From	Fixed in
facebook / hhvm	4.0.0	4.0.3.x
facebook / hhvm	-	3.27.7.x
facebook / hhvm	3.28.0	3.30.4.x

https://github.com/facebook/hhvm/commit/46003b4ab564b2abcd8470035fc324fe36aa8c75
https://hhvm.com/blog/2019/04/03/hhvm-4.0.4.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo