CVE-2019-11936 Vulnerability Details

  /     /     /  

CVE-2019-11936 Metadata Quick Info

CVE Published: 04/12/2019 | CVE Updated: 04/08/2024 | CVE Year: 2019
Source: facebook | Vendor: Facebook | Product: HHVM
Status : PUBLISHED

CVE-2019-11936 Description

Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-626
CWE Name: CWE-626: Null Byte Interaction Error (Poison Null Byte)
Source: Facebook

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).