CVE-2019-11936
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-11936
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11936.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11936
- Downstream
- Published
- 2019-12-04T17:16:43.617Z
- Modified
- 2025-11-20T10:56:39.796911Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
- References
Affected packages
Git / github.com/facebook/hhvm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/facebook/hhvm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
HPHP-2.*
HPHP-2.1.0
gcc-4.*
gcc-4.6
nightly-2019.*
nightly-2019.03.28
nightly-2019.03.29
nightly-2019.03.30
nightly-2019.03.31
nightly-2019.04.01
nightly-2019.04.02
nightly-2019.04.03
nightly-2019.04.04
nightly-2019.04.05
nightly-2019.04.06
nightly-2019.04.07
nightly-2019.04.08
nightly-2019.04.09
nightly-2019.04.10
nightly-2019.04.11
nightly-2019.04.12
nightly-2019.04.13
nightly-2019.04.14
nightly-2019.04.15
nightly-2019.04.16
nightly-2019.04.17
nightly-2019.04.18
nightly-2019.04.19
nightly-2019.04.20
nightly-2019.04.21
nightly-2019.04.22
nightly-2019.04.23
nightly-2019.04.24
nightly-2019.04.25
nightly-2019.04.26
nightly-2019.04.27
nightly-2019.04.28
nightly-2019.04.29
nightly-2019.04.30
nightly-2019.05.01
nightly-2019.05.02
nightly-2019.05.03
nightly-2019.05.04
nightly-2019.05.05
nightly-2019.05.06
nightly-2019.05.07
nightly-2019.05.08
nightly-2019.05.09
nightly-2019.05.10
nightly-2019.05.11
nightly-2019.05.12
nightly-2019.05.13
nightly-2019.05.14
nightly-2019.05.15
nightly-2019.05.16
nightly-2019.05.17
nightly-2019.05.18
nightly-2019.05.19
nightly-2019.05.20
nightly-2019.05.21
nightly-2019.05.22
nightly-2019.05.23
nightly-2019.05.24
nightly-2019.05.25
nightly-2019.05.26
nightly-2019.05.27
nightly-2019.05.28
nightly-2019.05.29
nightly-2019.05.30
nightly-2019.05.31
nightly-2019.06.01
nightly-2019.06.02
nightly-2019.06.03
nightly-2019.06.04
nightly-2019.06.05
nightly-2019.06.06
nightly-2019.06.07
nightly-2019.06.08
nightly-2019.06.09
nightly-2019.06.10
nightly-2019.06.11
nightly-2019.06.12
nightly-2019.06.13
nightly-2019.06.14
nightly-2019.06.15
nightly-2019.06.16
nightly-2019.06.17
nightly-2019.06.18
nightly-2019.06.19
nightly-2019.06.20
nightly-2019.06.21
nightly-2019.06.22
nightly-2019.06.23
nightly-2019.06.24
nightly-2019.06.25
nightly-2019.06.26
nightly-2019.06.27
nightly-2019.06.28
nightly-2019.06.29
nightly-2019.06.30
nightly-2019.07.01
nightly-2019.07.02
nightly-2019.07.03
nightly-2019.07.04
nightly-2019.07.05
nightly-2019.07.06
nightly-2019.07.07
nightly-2019.07.08
nightly-2019.07.09
nightly-2019.07.10
nightly-2019.07.11
nightly-2019.07.12
nightly-2019.07.13
nightly-2019.07.14
nightly-2019.07.15
nightly-2019.07.16
nightly-2019.07.17
nightly-2019.07.18
nightly-2019.07.19
nightly-2019.07.20
nightly-2019.07.21
nightly-2019.07.22
nightly-2019.07.23
nightly-2019.07.24
nightly-2019.07.25
nightly-2019.07.26
nightly-2019.07.27
nightly-2019.07.28
nightly-2019.07.29
nightly-2019.07.30
nightly-2019.07.31
nightly-2019.08.01
nightly-2019.08.02
nightly-2019.08.03
nightly-2019.08.04
nightly-2019.08.05
nightly-2019.08.06
nightly-2019.08.07
nightly-2019.08.08
nightly-2019.08.09
nightly-2019.08.10
nightly-2019.08.11
nightly-2019.08.12
nightly-2019.08.13
nightly-2019.08.14
nightly-2019.08.15
nightly-2019.08.16
nightly-2019.08.17
nightly-2019.08.18
nightly-2019.08.19
nightly-2019.08.20
nightly-2019.08.21
nightly-2019.08.22
nightly-2019.08.23
nightly-2019.08.24
nightly-2019.08.25
nightly-2019.08.26
nightly-2019.08.27
nightly-2019.08.28
nightly-2019.08.29
nightly-2019.08.30
nightly-2019.08.31
nightly-2019.09.01
nightly-2019.09.02
nightly-2019.09.03
nightly-2019.09.04
nightly-2019.09.05
nightly-2019.09.06
nightly-2019.09.07
nightly-2019.09.08
nightly-2019.09.09
nightly-2019.09.10
nightly-2019.09.11
nightly-2019.09.12
nightly-2019.09.13
nightly-2019.09.14
nightly-2019.09.15
nightly-2019.09.16
nightly-2019.09.17
nightly-2019.09.18
nightly-2019.09.19
nightly-2019.09.20
nightly-2019.09.21
nightly-2019.09.22
nightly-2019.09.23
nightly-2019.09.24
nightly-2019.09.25
nightly-2019.09.26
nightly-2019.09.27
nightly-2019.09.28
nightly-2019.09.29
nightly-2019.09.30
nightly-2019.10.01
nightly-2019.10.02
nightly-2019.10.03
nightly-2019.10.04
nightly-2019.10.05
nightly-2019.10.06
nightly-2019.10.07
nightly-2019.10.08
nightly-2019.10.09
nightly-2019.10.10
nightly-2019.10.11
nightly-2019.10.12
nightly-2019.10.13
nightly-2019.10.14
nightly-2019.10.15
nightly-2019.10.16
nightly-2019.10.17
nightly-2019.10.18
nightly-2019.10.19
nightly-2019.10.20
nightly-2019.10.21
nightly-2019.10.22
nightly-2019.10.23
nightly-2019.10.24
nightly-2019.10.25
nightly-2019.10.26
nightly-2019.10.27
nightly-2019.10.28
Other
pre-hhvm
src-hphp
Database specific
vanir_signatures
[
{
"digest": {
"function_hash": "302786188655341176538009649730954679767",
"length": 182.0
},
"source": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373",
"deprecated": false,
"target": {
"file": "hphp/runtime/ext/apc/ext_apc.cpp",
"function": "HHVM_FUNCTION"
},
"id": "CVE-2019-11936-79335f36",
"signature_version": "v1",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"272383221625612781565429246263297881767",
"319797992090862512114749734969686443669",
"295831921326286298335842687405207353372",
"305562886381209043231772599449180369822",
"115560305413547634008857972826653056104",
"83240489537598737171175316379002323875",
"23114098130925324082306240880706608492",
"243880614582201667003046830805013707849",
"95289273938295999470573582580578174719",
"152800414575430260398438250564844505240",
"95883931890617597031057289183021201189",
"234172858145200805186308859744956047050",
"26169654246667068205173203889196660775",
"164607987509991891595275927492239586575",
"39059742752132932642733486614628754354",
"21388373989700720146858304177976489201",
"11920046040157090883958568676035442728",
"307981881315057116297410874488175117134",
"231425135890221893554356768638438099619",
"54148143155449799308330083378500776720",
"325043648044835681911180789382899178307",
"101299609180267778840631744430142036223",
"288869218235139172390023271261607537686",
"317283546901582461892172850792465514514",
"287027819856495634762601197117942961686"
]
},
"source": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373",
"deprecated": false,
"target": {
"file": "hphp/runtime/ext/apc/ext_apc.cpp"
},
"id": "CVE-2019-11936-a3c0dc26",
"signature_version": "v1",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "95810590965850853596851980356340311974",
"length": 711.0
},
"source": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373",
"deprecated": false,
"target": {
"file": "hphp/runtime/ext/apc/ext_apc.cpp",
"function": "HHVM_FUNCTION"
},
"id": "CVE-2019-11936-bd71796f",
"signature_version": "v1",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "211753672372970894029616592572861779238",
"length": 760.0
},
"source": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373",
"deprecated": false,
"target": {
"file": "hphp/runtime/ext/apc/ext_apc.cpp",
"function": "HHVM_FUNCTION"
},
"id": "CVE-2019-11936-c9d09532",
"signature_version": "v1",
"signature_type": "Function"
}
]