GCVE - cpe:2.3:a:facebook:hhvm:4.25.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:facebook:hhvm:4.25.0:*:*:*:*:*:*:*

part: a version: 4.25.0 update: *

Vendor	Facebook (`c319c35a-3469-5baa-b3bd-8582d1206a92`)
Product	Hhvm (`f2db6c03-3315-587d-a49f-0af5739172b6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/facebook/hhvm`	purl2cpe	2026-06-01 10:11:42.804048

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-11936`	vulnerable	2026-06-03 14:39:34.050863	Details available Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1. Published: 2019-12-04T16:25:20.000Z Updated: 2024-08-04T23:10:29.412Z Open on db.gcve.eu Reference links https://hhvm.com/blog/2019/10/28/security-update.html https://github.com/facebook/hhvm/commit/f57df6d8cf33cb14c40f52287da29360e7003373 https://www.facebook.com/security/advisories/cve-2019-11936	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11935`	vulnerable	2026-06-03 14:39:34.050345	Details available Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1. Published: 2019-12-04T16:25:20.000Z Updated: 2024-08-04T23:10:29.438Z Open on db.gcve.eu Reference links https://hhvm.com/blog/2019/10/28/security-update.html https://github.com/facebook/hhvm/commit/1c518555dba6ceb45d5ba61845b96e261219c3b7 https://www.facebook.com/security/advisories/cve-2019-11935	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11930`	vulnerable	2026-06-03 14:39:34.034297	Details available An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1. Published: 2019-12-04T16:25:19.000Z Updated: 2024-08-04T23:10:29.455Z Open on db.gcve.eu Reference links https://github.com/facebook/hhvm/commit/524d2e60cfe910406ec6109e4286d7edd545ab36 https://hhvm.com/blog/2019/10/28/security-update.html https://www.facebook.com/security/advisories/cve-2019-11930	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.