What the vulnerability does

01Description

Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below).

Key dates

02Disclosure timeline

April 29, 2019 CVE published
August 4, 2024 Record updated