CVE-2019-11929
- Source
- https://cve.org/CVERecord?id=CVE-2019-11929
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11929.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11929
- Downstream
- Published
- 2019-10-02T19:15:11.780Z
- Modified
- 2026-04-02T01:34:29.513607Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0.
- References
Affected packages
Git / github.com/facebook/hhvm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/facebook/hhvm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "3.30.10" }, { "introduced": "4.0.0" }, { "last_affected": "4.8.5" }, { "introduced": "4.9.0" }, { "last_affected": "4.18.2" }, { "introduced": "0" }, { "last_affected": "4.19.0" }, { "introduced": "0" }, { "last_affected": "4.19.1" }, { "introduced": "0" }, { "last_affected": "4.20.0" }, { "introduced": "0" }, { "last_affected": "4.20.1" }, { "introduced": "0" }, { "last_affected": "4.20.2" }, { "introduced": "0" }, { "last_affected": "4.21.0" }, { "introduced": "0" }, { "last_affected": "4.22.0" }, { "introduced": "0" }, { "last_affected": "4.23.0" } ] }
Affected versions
HHVM-2.*
HHVM-2.2.0
HHVM-2.3.0
HHVM-2.3.1
HHVM-2.3.2
HHVM-2.3.3
HHVM-2.4.0
HHVM-2.4.1
HHVM-2.4.2
HHVM-3.*
HHVM-3.0.0
HHVM-3.0.1
HHVM-3.1.0
HHVM-3.10.0
HHVM-3.10.1
HHVM-3.11.0
HHVM-3.11.1
HHVM-3.12.0
HHVM-3.12.1
HHVM-3.12.10
HHVM-3.12.11
HHVM-3.12.12
HHVM-3.12.13
HHVM-3.12.14
HHVM-3.12.2
HHVM-3.12.3
HHVM-3.12.4
HHVM-3.12.5
HHVM-3.12.6
HHVM-3.12.7
HHVM-3.12.8
HHVM-3.12.9
HHVM-3.13.0
HHVM-3.13.1
HHVM-3.13.2
HHVM-3.14.0
HHVM-3.14.1
HHVM-3.14.2
HHVM-3.14.3
HHVM-3.14.4
HHVM-3.14.5
HHVM-3.15.0
HHVM-3.15.1
HHVM-3.15.2
HHVM-3.15.3
HHVM-3.15.4
HHVM-3.15.5
HHVM-3.15.6
HHVM-3.15.7
HHVM-3.15.8
HHVM-3.17.0
HHVM-3.17.1
HHVM-3.17.2
HHVM-3.17.3
HHVM-3.18.0
HHVM-3.18.1
HHVM-3.18.2
HHVM-3.18.3
HHVM-3.18.4
HHVM-3.18.5
HHVM-3.18.6
HHVM-3.18.7
HHVM-3.18.8
HHVM-3.19.0
HHVM-3.19.1
HHVM-3.19.2
HHVM-3.2.0
HHVM-3.20.0
HHVM-3.20.1
HHVM-3.20.2
HHVM-3.21.0
HHVM-3.21.1
HHVM-3.21.10
HHVM-3.21.11
HHVM-3.21.2
HHVM-3.21.3
HHVM-3.21.4
HHVM-3.21.5
HHVM-3.21.6
HHVM-3.21.7
HHVM-3.21.8
HHVM-3.21.9
HHVM-3.22.0
HHVM-3.22.1
HHVM-3.23.0
HHVM-3.23.0-alpha1
HHVM-3.23.0-alpha2
HHVM-3.23.0-alpha3
HHVM-3.23.0-alpha4
HHVM-3.23.1
HHVM-3.23.2
HHVM-3.23.3
HHVM-3.23.4
HHVM-3.24.0
HHVM-3.24.1
HHVM-3.24.2
HHVM-3.24.3
HHVM-3.24.4
HHVM-3.24.5
HHVM-3.24.6
HHVM-3.24.7
HHVM-3.24.8
HHVM-3.25.0
HHVM-3.25.1
HHVM-3.25.2
HHVM-3.25.3
HHVM-3.26.0
HHVM-3.26.1
HHVM-3.26.2
HHVM-3.26.3
HHVM-3.27.0
HHVM-3.27.1
HHVM-3.27.2
HHVM-3.27.3
HHVM-3.27.4
HHVM-3.27.5
HHVM-3.27.6
HHVM-3.27.7
HHVM-3.27.8
HHVM-3.28.0
HHVM-3.28.1
HHVM-3.28.2
HHVM-3.28.3
HHVM-3.29.0
HHVM-3.29.1
HHVM-3.3.0
HHVM-3.3.1
HHVM-3.3.2
HHVM-3.3.3
HHVM-3.3.4
HHVM-3.3.5
HHVM-3.3.6
HHVM-3.3.7
HHVM-3.30.0
HHVM-3.30.1
HHVM-3.30.2
HHVM-3.30.3
HHVM-3.30.4
HHVM-3.30.5
HHVM-3.30.6
HHVM-3.30.7
HHVM-3.30.8
HHVM-3.30.9
HHVM-3.4.0
HHVM-3.4.1
HHVM-3.4.2
HHVM-3.5.0
HHVM-3.5.1
HHVM-3.6.0
HHVM-3.6.1
HHVM-3.6.2
HHVM-3.6.3
HHVM-3.6.4
HHVM-3.6.5
HHVM-3.6.6
HHVM-3.7.0
HHVM-3.7.1
HHVM-3.7.2
HHVM-3.7.3
HHVM-3.8.0
HHVM-3.8.1
HHVM-3.9.0
HHVM-3.9.1
HHVM-3.9.10
HHVM-3.9.2
HHVM-3.9.3
HHVM-3.9.4
HHVM-3.9.5
HHVM-3.9.6
HHVM-3.9.7
HHVM-3.9.8
HHVM-3.9.9
HHVM-4.*
HHVM-4.0.0
HHVM-4.0.1
HHVM-4.0.2
HHVM-4.0.3
HHVM-4.0.4
HHVM-4.1.0
HHVM-4.10.0
HHVM-4.11.0
HHVM-4.12.0
HHVM-4.12.1
HHVM-4.12.2
HHVM-4.13.0
HHVM-4.13.1
HHVM-4.13.2
HHVM-4.14.0
HHVM-4.14.1
HHVM-4.14.2
HHVM-4.15.0
HHVM-4.15.1
HHVM-4.15.2
HHVM-4.15.3
HHVM-4.16.0
HHVM-4.16.1
HHVM-4.16.2
HHVM-4.16.3
HHVM-4.16.4
HHVM-4.17.0
HHVM-4.17.1
HHVM-4.17.2
HHVM-4.17.3
HHVM-4.18.0
HHVM-4.18.1
HHVM-4.18.2
HHVM-4.19.0
HHVM-4.2.0
HHVM-4.20.0
HHVM-4.21.0
HHVM-4.22.0
HHVM-4.23.0
HHVM-4.3.0
HHVM-4.3.1
HHVM-4.4.0
HHVM-4.4.1
HHVM-4.5.0
HHVM-4.5.1
HHVM-4.6.0
HHVM-4.6.1
HHVM-4.7.0
HHVM-4.7.1
HHVM-4.8.0
HHVM-4.8.1
HHVM-4.8.2
HHVM-4.8.3
HHVM-4.8.4
HHVM-4.8.5
HHVM-4.9.0
HHVM-4.9.1
HPHP-2.*
HPHP-2.0.0
HPHP-2.0.1
HPHP-2.0.2
HPHP-2.1.0
gcc-4.*
gcc-4.6
nightly-2019.*
nightly-2019.03.28
nightly-2019.03.29
nightly-2019.03.30
nightly-2019.03.31
nightly-2019.04.01
nightly-2019.04.02
nightly-2019.04.03
nightly-2019.04.04
nightly-2019.04.05
nightly-2019.04.06
nightly-2019.04.07
nightly-2019.04.08
nightly-2019.04.09
nightly-2019.04.10
nightly-2019.04.11
nightly-2019.04.12
nightly-2019.04.13
nightly-2019.04.14
nightly-2019.04.15
nightly-2019.04.16
nightly-2019.04.17
nightly-2019.04.18
nightly-2019.04.19
nightly-2019.04.20
nightly-2019.04.21
nightly-2019.04.22
nightly-2019.04.23
nightly-2019.04.24
nightly-2019.04.25
nightly-2019.04.26
nightly-2019.04.27
nightly-2019.04.28
nightly-2019.04.29
nightly-2019.04.30
nightly-2019.05.01
nightly-2019.05.02
nightly-2019.05.03
nightly-2019.05.04
nightly-2019.05.05
nightly-2019.05.06
nightly-2019.05.07
nightly-2019.05.08
nightly-2019.05.09
nightly-2019.05.10
nightly-2019.05.11
nightly-2019.05.12
nightly-2019.05.13
nightly-2019.05.14
nightly-2019.05.15
nightly-2019.05.16
nightly-2019.05.17
nightly-2019.05.18
nightly-2019.05.19
nightly-2019.05.20
nightly-2019.05.21
nightly-2019.05.22
nightly-2019.05.23
nightly-2019.05.24
nightly-2019.05.25
nightly-2019.05.26
nightly-2019.05.27
nightly-2019.05.28
nightly-2019.05.29
nightly-2019.05.30
nightly-2019.05.31
nightly-2019.06.01
nightly-2019.06.02
nightly-2019.06.03
nightly-2019.06.04
nightly-2019.06.05
nightly-2019.06.06
nightly-2019.06.07
nightly-2019.06.08
nightly-2019.06.09
nightly-2019.06.10
nightly-2019.06.11
nightly-2019.06.12
nightly-2019.06.13
nightly-2019.06.14
nightly-2019.06.15
nightly-2019.06.16
nightly-2019.06.17
nightly-2019.06.18
nightly-2019.06.19
nightly-2019.06.20
nightly-2019.06.21
nightly-2019.06.22
nightly-2019.06.23
nightly-2019.06.24
nightly-2019.06.25
nightly-2019.06.26
nightly-2019.06.27
nightly-2019.06.28
nightly-2019.06.29
nightly-2019.06.30
nightly-2019.07.01
nightly-2019.07.02
nightly-2019.07.03
nightly-2019.07.04
nightly-2019.07.05
nightly-2019.07.06
nightly-2019.07.07
nightly-2019.07.08
nightly-2019.07.09
nightly-2019.07.10
nightly-2019.07.11
nightly-2019.07.12
nightly-2019.07.13
nightly-2019.07.14
nightly-2019.07.15
nightly-2019.07.16
nightly-2019.07.17
nightly-2019.07.18
nightly-2019.07.19
nightly-2019.07.20
nightly-2019.07.21
nightly-2019.07.22
nightly-2019.07.23
nightly-2019.07.24
nightly-2019.07.25
nightly-2019.07.26
nightly-2019.07.27
nightly-2019.07.28
nightly-2019.07.29
nightly-2019.07.30
nightly-2019.07.31
nightly-2019.08.01
nightly-2019.08.02
nightly-2019.08.03
nightly-2019.08.04
nightly-2019.08.05
nightly-2019.08.06
nightly-2019.08.07
nightly-2019.08.08
nightly-2019.08.09
nightly-2019.08.10
nightly-2019.08.11
nightly-2019.08.12
nightly-2019.08.13
nightly-2019.08.14
nightly-2019.08.15
nightly-2019.08.16
nightly-2019.08.17
nightly-2019.08.18
nightly-2019.08.19
nightly-2019.08.20
nightly-2019.08.21
nightly-2019.08.22
nightly-2019.08.23
nightly-2019.08.24
nightly-2019.08.25
nightly-2019.08.26
nightly-2019.08.27
nightly-2019.08.28
nightly-2019.08.29
nightly-2019.08.30
nightly-2019.08.31
nightly-2019.09.01
nightly-2019.09.02
nightly-2019.09.03
nightly-2019.09.04
nightly-2019.09.05
nightly-2019.09.06
nightly-2019.09.07
nightly-2019.09.08
nightly-2019.09.09
nightly-2019.09.10
nightly-2019.09.11
nightly-2019.09.12
nightly-2019.09.13
nightly-2019.09.14
nightly-2019.09.15
nightly-2019.09.16
nightly-2019.09.17
nightly-2019.09.18
Other
pre-hhvm
src-hphp
use-hphpc
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11929.json"
vanir_signatures
[
{
"target": {
"file": "hphp/runtime/base/zend-string.cpp"
},
"digest": {
"line_hashes": [
"291892732761989316588127414655556507780",
"77371674870589736897970469727307778557",
"120448928775261171333816876248003924284",
"335163077205968406262905506575961516817",
"44501993009175795450316899144745326480",
"220300078454433325036426905153971653710",
"271228619686095112893648209410149215616",
"134665741014938106677259826839097581939"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692",
"signature_version": "v1",
"id": "CVE-2019-11929-0eac49b2"
},
{
"target": {
"file": "hphp/runtime/version.h"
},
"digest": {
"line_hashes": [
"235852391414298524767191071738289001511",
"226906434534036808236890046750755363418",
"236665820971239399431053512182718904106",
"140335216194151808759673220052749435881"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/facebook/hhvm/commit/6870c5d6361293a6eccc0e1746cf03cb62faad5f",
"signature_version": "v1",
"id": "CVE-2019-11929-c890894c"
},
{
"target": {
"function": "string_number_format",
"file": "hphp/runtime/base/zend-string.cpp"
},
"digest": {
"function_hash": "176609642573453071911192205899028154909",
"length": 2147.0
},
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692",
"signature_version": "v1",
"id": "CVE-2019-11929-d8ea53c5"
}
]