Описание
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
A vulnerability was found in PHP while using the mb_strtolower() function with UTF-32LE encoding, where certain invalid strings cause PHP to overwrite the stack-allocated buffer. This flaw leads to memory corruption, crashes, and potential code execution.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Not affected | ||
| Red Hat Enterprise Linux 6 | php | Not affected | ||
| Red Hat Enterprise Linux 7 | php | Not affected | ||
| Red Hat Enterprise Linux 8 | php:7.2/php | Not affected | ||
| Red Hat Software Collections | rh-php72-php | Not affected | ||
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2020:3662 | 08.09.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-php73-php | Fixed | RHSA-2020:5275 | 01.12.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | rh-php73-php | Fixed | RHSA-2020:5275 | 01.12.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-php73-php | Fixed | RHSA-2020:5275 | 01.12.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using ...
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
Уязвимость функции mb_strtolower () при использовании кодировки UTF-32LE интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3