Note:
This project will be discontinued after December 13, 2021. [more]
2020-04-01
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
| Products | Ubuntu_linux, Debian_linux, Php, Tenable\.sc |
| Type | Out-of-bounds Write (CWE-787) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://www.php.net/ChangeLog-7.php#7.4.4 • https://security.netapp.com/advisory/ntap-20200403-0001/ • https://www.tenable.com/security/tns-2021-14 • https://www.debian.org/security/2020/dsa-4719 |