CVE-2019-11936 is a vulnerability in Facebook HHVM
Published on December 4, 2019
Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
Weakness Type
What is a Poison Null Byte Vulnerability?
The product does not properly handle null bytes or NUL characters when passing data between different representations or components.
CVE-2019-11936 has been classified as a Poison Null Byte vulnerability or weakness.
Products Associated with CVE-2019-11936
Affected Versions
Facebook HHVM:
- Version 4.28.2 is affected.
- Version 4.28.0 and below unspecified is affected.
- Version 4.27.1 is affected.
- Version 4.27.0 and below unspecified is affected.
- Version 4.26.1 is affected.
- Version 4.26.0 and below unspecified is affected.
- Version 4.25.1 is affected.
- Version 4.25.0 and below unspecified is affected.
- Version 4.24.1 is affected.
- Version 4.24.0 and below unspecified is affected.
- Version 4.23.2 is affected.
- Version 4.9.0 and below unspecified is affected.
- Version 4.8.6 is affected.
- Version 4.0.0 and below unspecified is affected.
- Version 3.30.12 is affected.
- Version unspecified and below 3.30.12 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.