CVE-2020-7065

Summary

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.

Affected Software

VendorProductVersion RangeStatus
PHP GroupPHP7.3.x < 7.3.16affected
PHP GroupPHP7.4.x < 7.4.4affected

Weaknesses

  • CWE-121: CWE-121 Stack-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References