Description

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

Remediation

References

CVE-2020-7067

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21610)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3740)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-17373)

WordPress Plugin WooCommerce Possible Remote Code Execution (3.5.0)

WebLogic CVE-2022-21262 Vulnerability (CVE-2022-21262)

Severity

High

Classification

CVE-2020-7067 CWE-125 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities