{"id":"CVE-2019-11929","details":"Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0.","modified":"2026-02-24T11:31:11.806273Z","published":"2019-10-02T19:15:11.780Z","references":[{"type":"ADVISORY","url":"https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692"},{"type":"ADVISORY","url":"https://hhvm.com/blog/2019/09/25/security-update.html"},{"type":"ADVISORY","url":"https://www.facebook.com/security/advisories/cve-2019-11929"},{"type":"FIX","url":"https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/hhvm","events":[{"introduced":"0"},{"fixed":"dbeb9a56a638e3fdcef8b691c2a2967132dae692"}]}],"versions":["HPHP-2.1.0","gcc-4.6","nightly-2019.03.28","nightly-2019.03.29","nightly-2019.03.30","nightly-2019.03.31","nightly-2019.04.01","nightly-2019.04.02","nightly-2019.04.03","nightly-2019.04.04","nightly-2019.04.05","nightly-2019.04.06","nightly-2019.04.07","nightly-2019.04.08","nightly-2019.04.09","nightly-2019.04.10","nightly-2019.04.11","nightly-2019.04.12","nightly-2019.04.13","nightly-2019.04.14","nightly-2019.04.15","nightly-2019.04.16","nightly-2019.04.17","nightly-2019.04.18","nightly-2019.04.19","nightly-2019.04.20","nightly-2019.04.21","nightly-2019.04.22","nightly-2019.04.23","nightly-2019.04.24","nightly-2019.04.25","nightly-2019.04.26","nightly-2019.04.27","nightly-2019.04.28","nightly-2019.04.29","nightly-2019.04.30","nightly-2019.05.01","nightly-2019.05.02","nightly-2019.05.03","nightly-2019.05.04","nightly-2019.05.05","nightly-2019.05.06","nightly-2019.05.07","nightly-2019.05.08","nightly-2019.05.09","nightly-2019.05.10","nightly-2019.05.11","nightly-2019.05.12","nightly-2019.05.13","nightly-2019.05.14","nightly-2019.05.15","nightly-2019.05.16","nightly-2019.05.17","nightly-2019.05.18","nightly-2019.05.19","nightly-2019.05.20","nightly-2019.05.21","nightly-2019.05.22","nightly-2019.05.23","nightly-2019.05.24","nightly-2019.05.25","nightly-2019.05.26","nightly-2019.05.27","nightly-2019.05.28","nightly-2019.05.29","nightly-2019.05.30","nightly-2019.05.31","nightly-2019.06.01","nightly-2019.06.02","nightly-2019.06.03","nightly-2019.06.04","nightly-2019.06.05","nightly-2019.06.06","nightly-2019.06.07","nightly-2019.06.08","nightly-2019.06.09","nightly-2019.06.10","nightly-2019.06.11","nightly-2019.06.12","nightly-2019.06.13","nightly-2019.06.14","nightly-2019.06.15","nightly-2019.06.16","nightly-2019.06.17","nightly-2019.06.18","nightly-2019.06.19","nightly-2019.06.20","nightly-2019.06.21","nightly-2019.06.22","nightly-2019.06.23","nightly-2019.06.24","nightly-2019.06.25","nightly-2019.06.26","nightly-2019.06.27","nightly-2019.06.28","nightly-2019.06.29","nightly-2019.06.30","nightly-2019.07.01","nightly-2019.07.02","nightly-2019.07.03","nightly-2019.07.04","nightly-2019.07.05","nightly-2019.07.06","nightly-2019.07.07","nightly-2019.07.08","nightly-2019.07.09","nightly-2019.07.10","nightly-2019.07.11","nightly-2019.07.12","nightly-2019.07.13","nightly-2019.07.14","nightly-2019.07.15","nightly-2019.07.16","nightly-2019.07.17","nightly-2019.07.18","nightly-2019.07.19","nightly-2019.07.20","nightly-2019.07.21","nightly-2019.07.22","nightly-2019.07.23","nightly-2019.07.24","nightly-2019.07.25","nightly-2019.07.26","nightly-2019.07.27","nightly-2019.07.28","nightly-2019.07.29","nightly-2019.07.30","nightly-2019.07.31","nightly-2019.08.01","nightly-2019.08.02","nightly-2019.08.03","nightly-2019.08.04","nightly-2019.08.05","nightly-2019.08.06","nightly-2019.08.07","nightly-2019.08.08","nightly-2019.08.09","nightly-2019.08.10","nightly-2019.08.11","nightly-2019.08.12","nightly-2019.08.13","nightly-2019.08.14","nightly-2019.08.15","nightly-2019.08.16","nightly-2019.08.17","nightly-2019.08.18","nightly-2019.08.19","nightly-2019.08.20","nightly-2019.08.21","nightly-2019.08.22","nightly-2019.08.23","nightly-2019.08.24","nightly-2019.08.25","nightly-2019.08.26","nightly-2019.08.27","nightly-2019.08.28","nightly-2019.08.29","nightly-2019.08.30","nightly-2019.08.31","nightly-2019.09.01","nightly-2019.09.02","nightly-2019.09.03","nightly-2019.09.04","nightly-2019.09.05","nightly-2019.09.06","nightly-2019.09.07","nightly-2019.09.08","nightly-2019.09.09","nightly-2019.09.10","nightly-2019.09.11","nightly-2019.09.12","nightly-2019.09.13","nightly-2019.09.14","nightly-2019.09.15","nightly-2019.09.16","nightly-2019.09.17","nightly-2019.09.18","pre-hhvm","src-hphp"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["291892732761989316588127414655556507780","77371674870589736897970469727307778557","120448928775261171333816876248003924284","335163077205968406262905506575961516817","44501993009175795450316899144745326480","220300078454433325036426905153971653710","271228619686095112893648209410149215616","134665741014938106677259826839097581939"]},"signature_type":"Line","id":"CVE-2019-11929-0eac49b2","target":{"file":"hphp/runtime/base/zend-string.cpp"},"deprecated":false},{"source":"https://github.com/facebook/hhvm/commit/dbeb9a56a638e3fdcef8b691c2a2967132dae692","signature_version":"v1","digest":{"length":2147,"function_hash":"176609642573453071911192205899028154909"},"signature_type":"Function","id":"CVE-2019-11929-d8ea53c5","target":{"function":"string_number_format","file":"hphp/runtime/base/zend-string.cpp"},"deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11929.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}