CVE-2020-7060

Summary

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

Affected Software

VendorProductVersion RangeStatus
PHP GroupPHP7.2.x < 7.2.27affected
PHP GroupPHP7.3.x < 7.3.14affected
PHP GroupPHP7.4.x < 7.4.2affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CVE Program Container

Additional References

References