CVE-2020-7065
01.04.2020, 04:15
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.Enginsight
| Vendor | Product | Version |
|---|---|---|
| php | php | 7.3.0 ≤ 𝑥 < 7.3.16 |
| php | php | 7.4.0 ≤ 𝑥 < 7.4.4 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 20.04 |
| tenable | tenable.sc | 𝑥 < 5.19.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| php5 |
| ||||||||||
| php7.0 |
| ||||||||||
| php7.2 |
| ||||||||||
| php7.3 |
| ||||||||||
| php7.4 |
|
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References