PHP versions 7.3.x below 7.3.16 Out-of-bounds Write Vulnerability

Summary

PHP versions 7.3.x below 7.3.16 suffer from an out-of-bounds write vulnerability.

Credit:

The information has been provided by the vendor.

The original article can be found at: https://bugs.php.net/bug.php?id=79371


Details

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, when the mb_strtolower() function is used with the UTF-32LE encoding, certain invalid strings can cause PHP to write past the end of a stack-allocated buffer. This can lead to memory corruption, crashes and potentially code execution.

Vulnerable Systems:

PHP versions 7.3.x below 7.3.16

PHP versions 7.4.x below 7.4.34
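
The following is an added example, not code from the advisory or from the PHP project: it flags a runtime that falls in the version ranges listed above and, as defense in depth until the runtime is upgraded, rejects malformed UTF-32LE before it reaches mb_strtolower(). The function names are hypothetical, the well-formedness rule is the Unicode definition of UTF-32 rather than anything taken from the vendor's patch, and the mbstring extension is assumed to be loaded.

```php
<?php
// Affected ranges as stated in this advisory: [first version, first fixed version).
const AFFECTED = [['7.3.0', '7.3.16'], ['7.4.0', '7.4.34']];

// True when $version lies in a range the advisory lists as vulnerable.
function is_affected(string $version): bool
{
    foreach (AFFECTED as [$min, $fixed]) {
        if (version_compare($version, $min, '>=') && version_compare($version, $fixed, '<')) {
            return true;
        }
    }
    return false;
}

// Well-formed UTF-32LE: length is a multiple of 4 and every little-endian
// 32-bit unit is a Unicode scalar value (at most 0x10FFFF, not a surrogate).
function is_wellformed_utf32le(string $bytes): bool
{
    if ($bytes === '') {
        return true;
    }
    if (strlen($bytes) % 4 !== 0) {
        return false;
    }
    foreach (unpack('V*', $bytes) as $cp) {
        // $cp < 0 covers 32-bit builds, where large units unpack as negative ints.
        if ($cp < 0 || $cp > 0x10FFFF || ($cp >= 0xD800 && $cp <= 0xDFFF)) {
            return false;
        }
    }
    return true;
}

// Hypothetical wrapper: refuses malformed input instead of passing it to mbstring.
function strtolower_utf32le(string $bytes): string
{
    if (!is_wellformed_utf32le($bytes)) {
        throw new InvalidArgumentException('malformed UTF-32LE input');
    }
    return mb_strtolower($bytes, 'UTF-32LE');
}

if (is_affected(PHP_VERSION)) {
    fwrite(STDERR, 'PHP ' . PHP_VERSION . " is in an affected range; upgrade.\n");
}
// Constructed samples: one well-formed string, one lone surrogate unit.
$ok  = mb_convert_encoding('HELLO', 'UTF-32LE', 'UTF-8');
$bad = pack('V', 0xD800);
var_dump(mb_convert_encoding(strtolower_utf32le($ok), 'UTF-8', 'UTF-32LE'));
var_dump(is_wellformed_utf32le($bad));
```

The wrapper only narrows what reaches the vulnerable function; moving the runtime out of the affected ranges is what removes the flaw.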

 

CVE Information:

CVE-2020-7065

Disclosure Timeline:
Published Date: 4/1/2020
