Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions before 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
facebook hhvm |
||
facebook hhvm 4.94.0 |
||
facebook hhvm 4.95.0 |
||
facebook hhvm 4.96.0 |
||
facebook hhvm 4.97.0 |
||
facebook hhvm 4.98.0 |