An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
References
| Link | Resource |
|---|---|
| https://github.com/facebook/hhvm/commit/524d2e60cfe910406ec6109e4286d7edd545ab36 | Patch |
| https://hhvm.com/blog/2019/10/28/security-update.html | Vendor Advisory |
| https://www.facebook.com/security/advisories/cve-2019-11930 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: facebook
Published: 2019-12-04T16:25:19
Updated: 2019-12-04T16:25:19
Reserved: 2019-05-13T00:00:00
Link: CVE-2019-11930
NVD Information
Status: Analyzed
Published: 2019-12-04T17:16:43.087
Modified: 2024-02-08T20:12:24.120
Link: CVE-2019-11930
Redhat Information
No data.
CWE