CVE-2019-3557 - OpenCVE

The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The implementations were updated to return valid values consistently. This affects all supported versions of HHVM (3.30 and 3.27.4 and below).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Facebook	Hhvm

Configuration 1 [-]

OR	cpe:2.3:a:facebook:hhvm::::::::
	cpe:2.3:a:facebook:hhvm::::::::

No data.

References

Link	Providers
https://github.com/facebook/hhvm/commit/6e4dd9ec3f14b48170fc45dc9d13a3261765f994
https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: facebook

Published: 2019-01-15T22:00:00

Updated: 2024-08-04T19:12:09.545Z

Reserved: 2019-01-02T00:00:00

Link: CVE-2019-3557

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-01-15T22:29:00.377

Modified: 2019-10-09T23:49:14.727

Link: CVE-2019-3557

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HHVM", "vendor": "Facebook", "versions": [{"status": "affected", "version": "3.30.1"}, {"lessThan": "unspecified", "status": "affected", "version": "3.30.0", "versionType": "custom"}, {"status": "affected", "version": "3.27.5"}, {"lessThan": "3.27.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "dateAssigned": "2019-01-09T00:00:00", "datePublic": "2019-01-15T00:00:00", "descriptions": [{"lang": "en", "value": "The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The implementations were updated to return valid values consistently. This affects all supported versions of HHVM (3.30 and 3.27.4 and below)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-01-15T21:57:01", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/facebook/hhvm/commit/6e4dd9ec3f14b48170fc45dc9d13a3261765f994"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2019-01-09", "ID": "CVE-2019-3557", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HHVM", "version": {"version_data": [{"version_affected": "!=>", "version_value": "3.30.1"}, {"version_affected": ">=", "version_value": "3.30.0"}, {"version_affected": "!=>", "version_value": "3.27.5"}, {"version_affected": "<", "version_value": "3.27.5"}]}}]}, "vendor_name": "Facebook"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The implementations were updated to return valid values consistently. This affects all supported versions of HHVM (3.30 and 3.27.4 and below)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-of-bounds Read (CWE-125)"}]}]}, "references": {"reference_data": [{"name": "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html", "refsource": "MISC", "url": "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html"}, {"name": "https://github.com/facebook/hhvm/commit/6e4dd9ec3f14b48170fc45dc9d13a3261765f994", "refsource": "MISC", "url": "https://github.com/facebook/hhvm/commit/6e4dd9ec3f14b48170fc45dc9d13a3261765f994"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:12:09.545Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/facebook/hhvm/commit/6e4dd9ec3f14b48170fc45dc9d13a3261765f994"}]}]}, "cveMetadata": {"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2019-3557", "datePublished": "2019-01-15T22:00:00", "dateReserved": "2019-01-02T00:00:00", "dateUpdated": "2024-08-04T19:12:09.545Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "matchCriteriaId": "20625917-395C-4FE6-B681-8C8C2078549E", "versionEndIncluding": "3.27.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*", "matchCriteriaId": "B578D2A9-7CA2-41A1-85E5-CF1254A3CD4A", "versionEndIncluding": "3.30.0", "versionStartIncluding": "3.28.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The implementations were updated to return valid values consistently. This affects all supported versions of HHVM (3.30 and 3.27.4 and below)."}, {"lang": "es", "value": "Las implementaciones de los flujos para bz2 y php://output implementaron incorrectamente sus funciones readImpl, devolviendo -1 constantemente. Este comportamiento provoc\u00f3 que algunas funciones, como stream_get_line, desencadenasen una lectura fuera de l\u00edmites al operar en tales flujos mal formados. Las implementaciones se actualizaron para que devuelvan valores v\u00e1lidos de forma consistente. Esto afecta a todas las versiones soportadas de HVVM (en versiones anteriores a las 3.30 y 3.27.4)."}], "id": "CVE-2019-3557", "lastModified": "2019-10-09T23:49:14.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-15T22:29:00.377", "references": [{"source": "cve-assign@fb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/facebook/hhvm/commit/6e4dd9ec3f14b48170fc45dc9d13a3261765f994"}, {"source": "cve-assign@fb.com", "tags": ["Vendor Advisory"], "url": "https://hhvm.com/blog/2019/01/14/hhvm-3.30.2.html"}], "sourceIdentifier": "cve-assign@fb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "cve-assign@fb.com", "type": "Secondary"}]}