CVE-2019-3556
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.5%
HHVM supports the use of an “admin” server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.
Affected configurations
CNA Affected
[
{
"product": "HHVM",
"vendor": "Facebook",
"versions": [
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.83.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.83.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.82.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.82.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.81.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.81.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.80.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.80.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.79.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.79.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.78.1",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.57.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "4.56.2",
"versionType": "custom"
},
{
"lessThan": "4.56.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.5%