CVE-2019-3561

Source
https://cve.org/CVERecord?id=CVE-2019-3561
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3561.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-3561
Downstream
Published
2019-04-29T16:29:00.890Z
Modified
2025-11-14T09:49:32.998150Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below).

References

Affected packages

Git / github.com/facebook/hhvm

Affected ranges

Type
GIT
Repo
https://github.com/facebook/hhvm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

HPHP-2.*

HPHP-2.1.0

gcc-4.*

gcc-4.6

nightly-2019.*

nightly-2019.03.28
nightly-2019.03.29
nightly-2019.03.30
nightly-2019.03.31
nightly-2019.04.01
nightly-2019.04.02
nightly-2019.04.03
nightly-2019.04.04
nightly-2019.04.05
nightly-2019.04.06

Other

pre-hhvm
src-hphp

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2019-3561-3ddd119f",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/facebook/hhvm/commit/46003b4ab564b2abcd8470035fc324fe36aa8c75",
        "target": {
            "file": "hphp/runtime/base/zend-string.cpp"
        },
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2019-3561-c8e5caec",
        "digest": {
            "length": 692.0,
            "function_hash": "233803255982675561415569984624047836652"
        },
        "source": "https://github.com/facebook/hhvm/commit/46003b4ab564b2abcd8470035fc324fe36aa8c75",
        "target": {
            "file": "hphp/runtime/base/zend-string.cpp",
            "function": "string_rfind"
        },
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3561.json"