diff --git a/2019/11xxx/CVE-2019-11929.json b/2019/11xxx/CVE-2019-11929.json index a27a11e4bee..71dbb26393b 100644 --- a/2019/11xxx/CVE-2019-11929.json +++ b/2019/11xxx/CVE-2019-11929.json @@ -1,17 +1,137 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@fb.com", + "DATE_ASSIGNED": "2019-10-02", "ID": "CVE-2019-11929", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HHVM", + "version": { + "version_data": [ + { + "version_affected": "!=>", + "version_value": "4.24.0" + }, + { + "version_affected": "!=>", + "version_value": "4.23.2" + }, + { + "version_affected": ">=", + "version_value": "4.23.0" + }, + { + "version_affected": "!=>", + "version_value": "4.22.1" + }, + { + "version_affected": ">=", + "version_value": "4.22.0" + }, + { + "version_affected": "!=>", + "version_value": "4.21.1" + }, + { + "version_affected": ">=", + "version_value": "4.21.0" + }, + { + "version_affected": "!=>", + "version_value": "4.20.3" + }, + { + "version_affected": ">=", + "version_value": "4.20.0" + }, + { + "version_affected": "!=>", + "version_value": "4.19.2" + }, + { + "version_affected": ">=", + "version_value": "4.19.0" + }, + { + "version_affected": "!=>", + "version_value": "4.18.3" + }, + { + "version_affected": ">=", + "version_value": "4.9.0" + }, + { + "version_affected": "!=>", + "version_value": "4.8.5" + }, + { + "version_affected": ">=", + "version_value": "4.0.0" + }, + { + "version_affected": "!=>", + "version_value": "3.30.11" + }, + { + "version_affected": "<=", + "version_value": "3.30.10" + } + ] + } + } + ] + }, + "vendor_name": "Facebook" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692", + "url": "https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692" + }, + { + "refsource": "CONFIRM", + "name": "https://hhvm.com/blog/2019/09/25/security-update.html", + "url": "https://hhvm.com/blog/2019/09/25/security-update.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.facebook.com/security/advisories/cve-2019-11929", + "url": "https://www.facebook.com/security/advisories/cve-2019-11929" } ] }