admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

HHVM CVEs for latest release

Browse Source
This commit is contained in:
Neal Poole 2019-11-30 13:35:18 -05:00
parent d8dcaacbc3
commit 34b1438301
No known key found for this signature in database
GPG Key ID: 38BDE4230244F384
4 changed files with 419 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
2019/11xxx/CVE-2019-11930.json
View File

@ -4,14 +4,130 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11930",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_ASSIGNED": "2019-10-28",
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "4.28.2"
},
{
"version_affected": ">=",
"version_value": "4.28.0"
},
{
"version_affected": "!=>",
"version_value": "4.27.1"
},
{
"version_affected": ">=",
"version_value": "4.27.0"
},
{
"version_affected": "!=>",
"version_value": "4.26.1"
},
{
"version_affected": ">=",
"version_value": "4.26.0"
},
{
"version_affected": "!=>",
"version_value": "4.25.1"
},
{
"version_affected": ">=",
"version_value": "4.25.0"
},
{
"version_affected": "!=>",
"version_value": "4.24.1"
},
{
"version_affected": ">=",
"version_value": "4.24.0"
},
{
"version_affected": "!=>",
"version_value": "4.23.2"
},
{
"version_affected": ">=",
"version_value": "4.9.0"
},
{
"version_affected": "!=>",
"version_value": "4.8.6"
},
{
"version_affected": ">=",
"version_value": "4.0.0"
},
{
"version_affected": "!=>",
"version_value": "3.30.12"
},
{
"version_affected": "<",
"version_value": "3.30.12"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-763: Release of Invalid Pointer or Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/facebook/hhvm/commit/524d2e60cfe910406ec6109e4286d7edd545ab36",
"url": "https://github.com/facebook/hhvm/commit/524d2e60cfe910406ec6109e4286d7edd545ab36"
},
{
"refsource": "CONFIRM",
"name": "https://hhvm.com/blog/2019/10/28/security-update.html",
"url": "https://hhvm.com/blog/2019/10/28/security-update.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.facebook.com/security/advisories/cve-2019-11930",
"url": "https://www.facebook.com/security/advisories/cve-2019-11930"
}
]
}

61
2019/11xxx/CVE-2019-11934.json
View File

@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11934",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_ASSIGNED": "2019-10-28",
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "folly",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "v2019.11.04.00"
},
{
"version_affected": "<",
"version_value": "v2019.11.04.00"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-ID 125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/facebook/folly/commit/c321eb588909646c15aefde035fd3133ba32cdee",
"url": "https://github.com/facebook/folly/commit/c321eb588909646c15aefde035fd3133ba32cdee"
},
{
"refsource": "CONFIRM",
"name": "https://www.facebook.com/security/advisories/cve-2019-11934",
"url": "https://www.facebook.com/security/advisories/cve-2019-11934"
}
]
}

122
2019/11xxx/CVE-2019-11935.json
View File

@ -4,14 +4,130 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11935",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_ASSIGNED": "2019-10-28",
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "4.28.2"
},
{
"version_affected": ">=",
"version_value": "4.28.0"
},
{
"version_affected": "!=>",
"version_value": "4.27.1"
},
{
"version_affected": ">=",
"version_value": "4.27.0"
},
{
"version_affected": "!=>",
"version_value": "4.26.1"
},
{
"version_affected": ">=",
"version_value": "4.26.0"
},
{
"version_affected": "!=>",
"version_value": "4.25.1"
},
{
"version_affected": ">=",
"version_value": "4.25.0"
},
{
"version_affected": "!=>",
"version_value": "4.24.1"
},
{
"version_affected": ">=",
"version_value": "4.24.0"
},
{
"version_affected": "!=>",
"version_value": "4.23.2"
},
{
"version_affected": ">=",
"version_value": "4.9.0"
},
{
"version_affected": "!=>",
"version_value": "4.8.6"
},
{
"version_affected": ">=",
"version_value": "4.0.0"
},
{
"version_affected": "!=>",
"version_value": "3.30.12"
},
{
"version_affected": "<",
"version_value": "3.30.12"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7",
"url": "https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7"
},
{
"refsource": "CONFIRM",
"name": "https://hhvm.com/blog/2019/10/28/security-update.html",
"url": "https://hhvm.com/blog/2019/10/28/security-update.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.facebook.com/security/advisories/cve-2019-11935",
"url": "https://www.facebook.com/security/advisories/cve-2019-11935"
}
]
}

122
2019/11xxx/CVE-2019-11936.json
View File

@ -4,14 +4,130 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"DATE_ASSIGNED": "2019-10-28",
"ASSIGNER": "cve-assign@fb.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "4.28.2"
},
{
"version_affected": ">=",
"version_value": "4.28.0"
},
{
"version_affected": "!=>",
"version_value": "4.27.1"
},
{
"version_affected": ">=",
"version_value": "4.27.0"
},
{
"version_affected": "!=>",
"version_value": "4.26.1"
},
{
"version_affected": ">=",
"version_value": "4.26.0"
},
{
"version_affected": "!=>",
"version_value": "4.25.1"
},
{
"version_affected": ">=",
"version_value": "4.25.0"
},
{
"version_affected": "!=>",
"version_value": "4.24.1"
},
{
"version_affected": ">=",
"version_value": "4.24.0"
},
{
"version_affected": "!=>",
"version_value": "4.23.2"
},
{
"version_affected": ">=",
"version_value": "4.9.0"
},
{
"version_affected": "!=>",
"version_value": "4.8.6"
},
{
"version_affected": ">=",
"version_value": "4.0.0"
},
{
"version_affected": "!=>",
"version_value": "3.30.12"
},
{
"version_affected": "<",
"version_value": "3.30.12"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-626: Null Byte Interaction Error (Poison Null Byte)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373",
"url": "https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373"
},
{
"refsource": "CONFIRM",
"name": "https://hhvm.com/blog/2019/10/28/security-update.html",
"url": "https://hhvm.com/blog/2019/10/28/security-update.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.facebook.com/security/advisories/cve-2019-11936",
"url": "https://www.facebook.com/security/advisories/cve-2019-11936"
}
]
}