Vulnerabilities

CVE-2020-7065

by Fred · 31/03/2020

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.

Date published : 2020-03-31

https://security.netapp.com/advisory/ntap-20200403-0001/

https://www.php.net/ChangeLog-7.php#7.4.4

Related

Tags: Cybersecurity Alert