Description
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, when the mb_strtolower() function is used with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite a stack-allocated buffer. This could lead to memory corruption, crashes, and potentially code execution.
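An added example, not part of the original advisory: a Python check that flags `php -v` banners falling inside the version ranges stated above. The function names, host names and inventory lines are constructed for illustration.

```python
import re

# First fixed release per branch, taken from the ranges in the description.
FIXED_IN = {(7, 3): (7, 3, 16), (7, 4): (7, 4, 4)}

# `php -v` prints a first line such as "PHP 7.4.3 (cli) (built: ...)".
_BANNER_RE = re.compile(r"\bPHP\s+(\d+)\.(\d+)\.(\d+)")


def parse_php_version(banner):
    """Return (major, minor, patch) from a `php -v` banner, or None."""
    m = _BANNER_RE.search(banner)
    return tuple(int(part) for part in m.groups()) if m else None


def is_affected(banner):
    """True/False for in/out of the stated ranges; None if no version found."""
    version = parse_php_version(banner)
    if version is None:
        return None
    fixed = FIXED_IN.get(version[:2])
    # Tuples compare numerically, so 7.3.9 < 7.3.16 (a string compare gets this wrong).
    return fixed is not None and version < fixed


def audit(inventory_lines):
    """Map each 'host<TAB>banner' line to (host, status)."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    results = []
    for line in inventory_lines:
        host, _, banner = line.partition("\t")
        results.append((host, labels[is_affected(banner)]))
    return results


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = [
    "web01\tPHP 7.3.9 (cli) (built: Sep  1 2019 10:00:00) ( NTS )",
    "web02\tPHP 7.3.16 (cli) (built: Mar 20 2020 10:00:00) ( NTS )",
    "web03\tPHP 7.4.3-1distro1 (cli) (built: Feb 23 2020 12:43:23) ( NTS )",
    "web04\tPHP 7.4.4 (cli) (built: Mar 20 2020 10:00:00) ( NTS )",
    "web05\tphp: command not found",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

A distribution package can carry a backported fix under an older upstream version number, so a hit such as `web03` is something to confirm against the vendor's package changelog.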
Remediation
References