{"id":"CVE-2019-11929","details":"Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0.","modified":"2026-04-11T08:05:30.275905Z","published":"2019-10-02T19:15:11.780Z","references":[{"type":"ADVISORY","url":"https://hhvm.com/blog/2019/09/25/security-update.html"},{"type":"ADVISORY","url":"https://www.facebook.com/security/advisories/cve-2019-11929"},{"type":"FIX","url":"https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/hhvm","events":[{"introduced":"0"},{"fixed":"6870c5d6361293a6eccc0e1746cf03cb62faad5f"},{"introduced":"7d4f701b9ed004452d695fce4e1ef8f48babbf39"},{"last_affected":"8384c051684f8bd1a8b0238a25b2ef4c9e3463d0"},{"introduced":"0abb3b0c92e938bb7dac2d0c1603c5866e2a035b"},{"last_affected":"1595ce835cd2b6c7d840287130e9c785cc0d23a2"},{"introduced":"0"},{"last_affected":"e3f058f758c6ad9bda4a3c074872844aa7759cbf"},{"introduced":"0"},{"last_affected":"f1baa3f0dcc6367dd38e1efdc40cb8919d2da568"},{"introduced":"0"},{"last_affected":"8b8ed4b4d8a9c56ae1af0f9fa38b027047049daf"},{"introduced":"0"},{"last_affected":"11774f57c04395ed69e48546287f6552005dee12"},{"introduced":"0"},{"last_affected":"00de533e8f8016951ebed4e01e0e07e97690e9cd"},{"introduced":"0"},{"last_affected":"313269cddb26d926e3b5d90e666bc9de5e7c3d4b"},{"introduced":"0"},{"last_affected":"8b17431e211163e028aa2add580ab5091acd603f"},{"introduced":"0"},{"last_affected":"ad54a7ba4a1f73f70908696eb01381fdb64b1457"},{"fixed":"dbeb9a56a638e3fdcef8b691c2a2967132dae692"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.30.10"},{"introduced":"4.0.0"},{"last_affected":"4.8.5"},{"introduced":"4.9.0"},{"last_affected":"4.18.2"},{"introduced":"0"},{"last_affected":"4.19.0"},{"introduced":"0"},{"last_affected":"4.19.1"},{"introduced":"0"},{"last_affected":"4.20.0"},{"introduced":"0"},{"last_affected":"4.20.1"},{"introduced":"0"},{"last_affected":"4.20.2"},{"introduced":"0"},{"last_affected":"4.21.0"},{"introduced":"0"},{"last_affected":"4.22.0"},{"introduced":"0"},{"last_affected":"4.23.0"}]}}],"versions":["HHVM-3.30.0","HHVM-3.30.1","HHVM-3.30.2","HHVM-3.30.3","HHVM-3.30.4","HHVM-3.30.5","HHVM-3.30.6","HHVM-3.30.7","HHVM-3.30.8","HHVM-3.30.9","HHVM-4.18.0","HHVM-4.18.1","HHVM-4.18.2","HHVM-4.19.0","HHVM-4.19.1","HHVM-4.20.0","HHVM-4.20.1","HHVM-4.20.2","HHVM-4.21.0","HHVM-4.22.0","HHVM-4.23.0","HHVM-4.8.0","HHVM-4.8.1","HHVM-4.8.2","HHVM-4.8.3","HHVM-4.8.4","HHVM-4.8.5","HPHP-2.1.0","gcc-4.6","nightly-2019.03.28","nightly-2019.03.29","nightly-2019.03.30","nightly-2019.03.31","nightly-2019.04.01","nightly-2019.04.02","nightly-2019.04.03","nightly-2019.04.04","nightly-2019.04.05","nightly-2019.04.06","nightly-2019.04.07","nightly-2019.04.08","nightly-2019.04.09","nightly-2019.04.10","nightly-2019.04.11","nightly-2019.04.12","nightly-2019.04.13","nightly-2019.04.14","nightly-2019.04.15","nightly-2019.04.16","nightly-2019.04.17","nightly-2019.04.18","nightly-2019.04.19","nightly-2019.04.20","nightly-2019.04.21","nightly-2019.04.22","nightly-2019.04.23","nightly-2019.04.24","nightly-2019.04.25","nightly-2019.04.26","nightly-2019.04.27","nightly-2019.04.28","nightly-2019.04.29","nightly-2019.04.30","nightly-2019.05.01","nightly-2019.05.02","nightly-2019.05.03","nightly-2019.05.04","nightly-2019.05.05","nightly-2019.05.06","nightly-2019.05.07","nightly-2019.05.08","nightly-2019.05.09","nightly-2019.05.10","nightly-2019.05.11","nightly-2019.05.12","nightly-2019.05.13","nightly-2019.05.14","nightly-2019.05.15","nightly-2019.05.16","nightly-2019.05.17","nightly-2019.05.18","nightly-2019.05.19","nightly-2019.05.20","nightly-2019.05.21","nightly-2019.05.22","nightly-2019.05.23","nightly-2019.05.24","nightly-2019.05.25","nightly-2019.05.26","nightly-2019.05.27","nightly-2019.05.28","nightly-2019.05.29","nightly-2019.05.30","nightly-2019.05.31","nightly-2019.06.01","nightly-2019.06.02","nightly-2019.06.03","nightly-2019.06.04","nightly-2019.06.05","nightly-2019.06.06","nightly-2019.06.07","nightly-2019.06.08","nightly-2019.06.09","nightly-2019.06.10","nightly-2019.06.11","nightly-2019.06.12","nightly-2019.06.13","nightly-2019.06.14","nightly-2019.06.15","nightly-2019.06.16","nightly-2019.06.17","nightly-2019.06.18","nightly-2019.06.19","nightly-2019.06.20","nightly-2019.06.21","nightly-2019.06.22","nightly-2019.06.23","nightly-2019.06.24","nightly-2019.06.25","nightly-2019.06.26","nightly-2019.06.27","nightly-2019.06.28","nightly-2019.06.29","nightly-2019.06.30","nightly-2019.07.01","nightly-2019.07.02","nightly-2019.07.03","nightly-2019.07.04","nightly-2019.07.05","nightly-2019.07.06","nightly-2019.07.07","nightly-2019.07.08","nightly-2019.07.09","nightly-2019.07.10","nightly-2019.07.11","nightly-2019.07.12","nightly-2019.07.13","nightly-2019.07.14","nightly-2019.07.15","nightly-2019.07.16","nightly-2019.07.17","nightly-2019.07.18","nightly-2019.07.19","nightly-2019.07.20","nightly-2019.07.21","nightly-2019.07.22","nightly-2019.07.23","nightly-2019.07.24","nightly-2019.07.25","nightly-2019.07.26","nightly-2019.07.27","nightly-2019.07.28","nightly-2019.07.29","nightly-2019.07.30","nightly-2019.07.31","nightly-2019.08.01","nightly-2019.08.02","nightly-2019.08.03","nightly-2019.08.04","nightly-2019.08.05","nightly-2019.08.06","nightly-2019.08.07","nightly-2019.08.08","nightly-2019.08.09","nightly-2019.08.10","nightly-2019.08.11","nightly-2019.08.12","nightly-2019.08.13","nightly-2019.08.14","nightly-2019.08.15","nightly-2019.08.16","nightly-2019.08.17","nightly-2019.08.18","nightly-2019.08.19","nightly-2019.08.20","nightly-2019.08.21","nightly-2019.08.22","nightly-2019.08.23","nightly-2019.08.24","nightly-2019.08.25","nightly-2019.08.26","nightly-2019.08.27","nightly-2019.08.28","nightly-2019.08.29","nightly-2019.08.30","nightly-2019.08.31","nightly-2019.09.01","nightly-2019.09.02","nightly-2019.09.03","nightly-2019.09.04","nightly-2019.09.05","nightly-2019.09.06","nightly-2019.09.07","nightly-2019.09.08","nightly-2019.09.09","nightly-2019.09.10","nightly-2019.09.11","nightly-2019.09.12","nightly-2019.09.13","nightly-2019.09.14","nightly-2019.09.15","nightly-2019.09.16","nightly-2019.09.17","nightly-2019.09.18","pre-hhvm","src-hphp"],"database_specific":{"vanir_signatures_modified":"2026-04-11T08:05:30Z","vanir_signatures":[{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["291892732761989316588127414655556507780","77371674870589736897970469727307778557","120448928775261171333816876248003924284","335163077205968406262905506575961516817","44501993009175795450316899144745326480","220300078454433325036426905153971653710","271228619686095112893648209410149215616","134665741014938106677259826839097581939"]},"deprecated":false,"target":{"file":"hphp/runtime/base/zend-string.cpp"},"id":"CVE-2019-11929-0eac49b2","signature_version":"v1","source":"https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["235852391414298524767191071738289001511","226906434534036808236890046750755363418","236665820971239399431053512182718904106","140335216194151808759673220052749435881"]},"deprecated":false,"target":{"file":"hphp/runtime/version.h"},"id":"CVE-2019-11929-c890894c","signature_version":"v1","source":"https://github.com/facebook/hhvm/commit/6870c5d6361293a6eccc0e1746cf03cb62faad5f"},{"signature_type":"Function","digest":{"length":2147,"function_hash":"176609642573453071911192205899028154909"},"deprecated":false,"target":{"file":"hphp/runtime/base/zend-string.cpp","function":"string_number_format"},"id":"CVE-2019-11929-d8ea53c5","signature_version":"v1","source":"https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11929.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}