An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hhvm | * | 3.30.12 (excluding) | |
| Hhvm | 4.0.0 (including) | 4.8.5 (including) | |
| Hhvm | 4.9.0 (including) | 4.23.1 (including) | |
| Hhvm | 4.24.0 (including) | 4.24.0 (including) | |
| Hhvm | 4.25.0 (including) | 4.25.0 (including) | |
| Hhvm | 4.26.0 (including) | 4.26.0 (including) | |
| Hhvm | 4.27.0 (including) | 4.27.0 (including) | |
| Hhvm | 4.28.0 (including) | 4.28.0 (including) | |
| Hhvm | 4.28.1 (including) | 4.28.1 (including) | |
| Hhvm | Ubuntu | bionic | * |
| Hhvm | Ubuntu | trusty | * |
| Hhvm | Ubuntu | xenial | * |
This weakness can take several forms, such as: