UNKNOWN CVE-2020-7065

mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full

Platform

php

Component

php

Fixed in

7.4.4

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, when the mb_strtolower() function is used with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite a stack-allocated buffer. This could lead to memory corruption, crashes, and potentially code execution.

How to fix

Upgrade to PHP version 7.3.16 or later, or to version 7.4.4 or later. This fixes the buffer overflow vulnerability in the mb_strtolower function with UTF-32LE encoding.
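
To find hosts that still need the upgrade, the affected ranges above can be turned into a version check. This is an added example, not part of the original advisory or the PHP project; the function names and status words are choices made for the example.

```shell
#!/bin/sh
# Added example: classify a PHP version string against the ranges this
# advisory gives (7.3.x below 7.3.16, 7.4.x below 7.4.4).
# Function names and status words are hypothetical, chosen for this example.

cve_2020_7065_status() {
    ver=$1
    # Keep the leading MAJOR.MINOR.PATCH; anything after it is a suffix
    # such as "RC1" or a distribution revision like "-4ubuntu2".
    core=$(printf '%s\n' "$ver" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$core" ] || { echo unparseable; return 2; }
    suffix=${ver#"$core"}
    major=${core%%.*}
    rest=${core#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    case "$major.$minor" in
        7.3) fixed=16 ;;
        7.4) fixed=4 ;;
        *)   echo out-of-scope; return 0 ;;  # advisory names only 7.3.x and 7.4.x
    esac

    if [ "$patch" -lt "$fixed" ]; then
        echo affected
    elif [ "$patch" -eq "$fixed" ] &&
         printf '%s' "$suffix" | grep -Eqi '^-?(alpha|beta|rc|dev)'; then
        # Pre-release of the fixed version: the advisory does not say
        # whether it contains the fix, so flag it for a manual check.
        echo review
    else
        echo fixed
    fi
}

# Check the interpreter on PATH, and whether mbstring (the extension that
# provides mb_strtolower) is loaded at all.
check_local_php() {
    v=$(php -r 'echo PHP_VERSION;') || return 2
    status=$(cve_2020_7065_status "$v")
    if php -m | grep -qix mbstring; then mb=loaded; else mb=absent; fi
    echo "php $v: $status (mbstring $mb)"
}
```

Run check_local_php on a host, or feed cve_2020_7065_status the version strings from an inventory. Distribution packages can carry backported fixes under an older upstream version number, so treat "affected" on a distro build as a prompt to check the package changelog.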
