CVE-2019-3561 Information
Feb 14, 2021
cve
Description
Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3 3.30.4 and 3.27.7 and below).
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/facebook/hhvm/commit/46003b4ab564b2abcd8470035fc324fe36aa8c75 https://hhvm.com/blog/2019/04/03/hhvm-4.0.4.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: