Description
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
Remediation
References
Related Vulnerabilities
Moodle Improper Following of Specification by Caller Vulnerability (CVE-2019-14829)
WordPress Plugin Breeze-WordPress Cache Open Redirect (1.0.10)
Moodle Other Vulnerability (CVE-2006-4786)
WebLogic CVE-2017-10147 Vulnerability (CVE-2017-10147)
Plone CMS Improper Access Control Vulnerability (CVE-2015-7315)