|
Vulnerabilities
< Back

CVE-2020-7060

Updated on 10 Feb 2020

Severity

9.1 Critical severity

Details

CVSS score
9.1
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

Details

Affected product:
Alpine Linux 3.22 , CentOS 6 ELS , CloudLinux 6 ELS , Debian 10 , Debian 10 ELS , Debian 11 , Debian 12 , Debian 13 , EL 10 , EL 6 , EL 7 , EL 8 , EL 9 , Oracle Linux 6 ELS , Ubuntu 16.04 , Ubuntu 18.04 , Ubuntu 20.04 , Ubuntu 22.04 , Ubuntu 24.04 , Windows 10
Affected packages:
php @ 7.0 (+169 more)
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

Fixes