CVE-2019-11930 is a vulnerability in Facebook Hhvm
Published on December 4, 2019
An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
Weakness Type
Release of Invalid Pointer or Reference
The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.
Products Associated with CVE-2019-11930
Want to know whenever a new CVE is published for Facebook Hhvm? stack.watch will email you.
Affected Versions
Facebook HHVM:- Version 4.28.2 is affected.
- Version 4.28.0 and below unspecified is affected.
- Version 4.27.1 is affected.
- Version 4.27.0 and below unspecified is affected.
- Version 4.26.1 is affected.
- Version 4.26.0 and below unspecified is affected.
- Version 4.25.1 is affected.
- Version 4.25.0 and below unspecified is affected.
- Version 4.24.1 is affected.
- Version 4.24.0 and below unspecified is affected.
- Version 4.23.2 is affected.
- Version 4.9.0 and below unspecified is affected.
- Version 4.8.6 is affected.
- Version 4.0.0 and below unspecified is affected.
- Version 3.30.12 is affected.
- Version unspecified and below 3.30.12 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.