CVE-2020-7065
01.04.2020, 04:15
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| php | php | 7.3.0 ≤ 𝑥 < 7.3.16 |
| php | php | 7.4.0 ≤ 𝑥 < 7.4.4 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 20.04 |
| tenable | tenable.sc | 𝑥 < 5.19.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| php5 |
| ||||||||||
| php7.0 |
| ||||||||||
| php7.2 |
| ||||||||||
| php7.3 |
| ||||||||||
| php7.4 |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| php73 |
| ||
| php73-bcmath |
| ||
| php73-cli |
| ||
| php73-common |
| ||
| php73-dba |
| ||
| php73-dbg |
| ||
| php73-debuginfo |
| ||
| php73-devel |
| ||
| php73-embedded |
| ||
| php73-enchant |
| ||
| php73-fpm |
| ||
| php73-gd |
| ||
| php73-gmp |
| ||
| php73-imap |
| ||
| php73-intl |
| ||
| php73-json |
| ||
| php73-ldap |
| ||
| php73-mbstring |
| ||
| php73-mysqlnd |
| ||
| php73-odbc |
| ||
| php73-opcache |
| ||
| php73-pdo |
| ||
| php73-pdo-dblib |
| ||
| php73-pgsql |
| ||
| php73-process |
| ||
| php73-pspell |
| ||
| php73-recode |
| ||
| php73-snmp |
| ||
| php73-soap |
| ||
| php73-tidy |
| ||
| php73-xml |
| ||
| php73-xmlrpc |
|
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References