{"id":"CVE-2019-3569","details":"HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series.","modified":"2026-04-11T09:46:12.813562Z","published":"2019-06-26T15:15:09.887Z","references":[{"type":"ADVISORY","url":"https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html"},{"type":"FIX","url":"https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/hhvm","events":[{"introduced":"0"},{"last_affected":"c3ef837b239cb6b83b6f18ce7476b9d4858bf5fb"},{"introduced":"0"},{"last_affected":"7d4f701b9ed004452d695fce4e1ef8f48babbf39"},{"introduced":"0"},{"last_affected":"1559d1bbe1f38e11f0431ff53cdc15a43b61b3d0"},{"introduced":"0"},{"last_affected":"58b4ab5f721bc544de17e6b90ccb87dad7cce3c5"},{"introduced":"0"},{"last_affected":"d642bb525d6259c5757b37a2d253fc760fc71e07"},{"introduced":"0"},{"last_affected":"c15d20b433e998211f00772abfffa89f7e378bdd"},{"introduced":"0"},{"last_affected":"dcce907d6453876bec0396ef0bef12f146b11c51"},{"introduced":"0"},{"last_affected":"eb46c92a370b2e8668e45fae0d0bc2389036d8fa"},{"introduced":"0"},{"last_affected":"0808a18ce05f7d0aa1a3d7452867d7c8ae466b53"},{"introduced":"0"},{"last_affected":"191de474013d0d0373e95650e38193d160514c1d"},{"introduced":"0"},{"last_affected":"9041a222fb7796a7ec74970d64695b488513cce1"},{"introduced":"0"},{"last_affected":"bc284031f664e568232324763d94ec5db0aa5f14"},{"introduced":"0"},{"last_affected":"8689833d30e8c33fafd3b57cf79c89e6d840bfb5"},{"introduced":"0"},{"last_affected":"8ca4f914698d694c39cbfcd4f607f0e5cd64e705"},{"fixed":"97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.30.5"},{"introduced":"0"},{"last_affected":"4.0.0"},{"introduced":"0"},{"last_affected":"4.0.1"},{"introduced":"0"},{"last_affected":"4.0.2"},{"introduced":"0"},{"last_affected":"4.0.3"},{"introduced":"0"},{"last_affected":"4.0.4"},{"introduced":"0"},{"last_affected":"4.1.0"},{"introduced":"0"},{"last_affected":"4.2.0"},{"introduced":"0"},{"last_affected":"4.3.0"},{"introduced":"0"},{"last_affected":"4.4.0"},{"introduced":"0"},{"last_affected":"4.5.0"},{"introduced":"0"},{"last_affected":"4.6.0"},{"introduced":"0"},{"last_affected":"4.7.0"},{"introduced":"0"},{"last_affected":"4.8.0"}]}}],"versions":["HHVM-3.30.0","HHVM-3.30.1","HHVM-3.30.2","HHVM-3.30.3","HHVM-3.30.4","HHVM-3.30.5","HHVM-4.0.0","HHVM-4.0.1","HHVM-4.0.2","HHVM-4.0.3","HHVM-4.0.4","HHVM-4.1.0","HHVM-4.2.0","HHVM-4.3.0","HHVM-4.4.0","HHVM-4.5.0","HHVM-4.6.0","HHVM-4.7.0","HHVM-4.8.0","HPHP-2.1.0","gcc-4.6","nightly-2019.03.28","nightly-2019.03.29","nightly-2019.03.30","nightly-2019.03.31","nightly-2019.04.01","nightly-2019.04.02","nightly-2019.04.03","nightly-2019.04.04","nightly-2019.04.05","nightly-2019.04.06","nightly-2019.04.07","nightly-2019.04.08","nightly-2019.04.09","nightly-2019.04.10","nightly-2019.04.11","nightly-2019.04.12","nightly-2019.04.13","nightly-2019.04.14","nightly-2019.04.15","nightly-2019.04.16","nightly-2019.04.17","nightly-2019.04.18","nightly-2019.04.19","nightly-2019.04.20","nightly-2019.04.21","nightly-2019.04.22","nightly-2019.04.23","nightly-2019.04.24","nightly-2019.04.25","nightly-2019.04.26","nightly-2019.04.27","nightly-2019.04.28","nightly-2019.04.29","nightly-2019.04.30","nightly-2019.05.01","nightly-2019.05.02","nightly-2019.05.03","nightly-2019.05.04","nightly-2019.05.05","nightly-2019.05.06","nightly-2019.05.07","nightly-2019.05.08","nightly-2019.05.09","nightly-2019.05.10","nightly-2019.05.11","nightly-2019.05.12","nightly-2019.05.13","nightly-2019.05.14","nightly-2019.05.15","nightly-2019.05.16","nightly-2019.05.17","nightly-2019.05.18","nightly-2019.05.19","nightly-2019.05.20","nightly-2019.05.21","nightly-2019.05.22","nightly-2019.05.23","nightly-2019.05.24","nightly-2019.05.25","nightly-2019.05.26","nightly-2019.05.27","nightly-2019.05.28","nightly-2019.05.29","nightly-2019.05.30","nightly-2019.05.31","nightly-2019.06.01","nightly-2019.06.02","nightly-2019.06.03","nightly-2019.06.04","nightly-2019.06.05","nightly-2019.06.06","nightly-2019.06.07","nightly-2019.06.08","nightly-2019.06.09","nightly-2019.06.10","nightly-2019.06.11","pre-hhvm","src-hphp"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","id":"CVE-2019-3569-0e80101c","digest":{"threshold":0.9,"line_hashes":["137514824064723355843894764939851756089","274485221879760134909049791648411818110","142983643094198605564629967646232518446","6111575993008610184694406316844627987"]},"target":{"file":"hphp/runtime/server/fastcgi/fastcgi-server.cpp"},"deprecated":false,"source":"https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed","signature_type":"Line"},{"signature_version":"v1","id":"CVE-2019-3569-71c2432d","digest":{"function_hash":"244793622532617888474407837374486565622","length":937},"target":{"file":"hphp/runtime/server/fastcgi/fastcgi-server.cpp","function":"FastCGIServer::FastCGIServer"},"deprecated":false,"source":"https://github.com/facebook/hhvm/commit/97ef580ec2cca9a54da6f9bd9fdd9a455f6d74ed","signature_type":"Function"}],"vanir_signatures_modified":"2026-04-11T09:46:12Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3569.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}