Vulnerability CVE-2020-7060


Published: 2020-02-10

Description:
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

Type: CWE-125 (Out-of-bounds Read)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: Partial

Affected software
PHP -> PHP 

References:
https://bugs.php.net/bug.php?id=79037
https://seclists.org/bugtraq/2020/Feb/27
https://usn.ubuntu.com/4279-1/
https://www.debian.org/security/2020/dsa-4626

Copyright 2021, cxsecurity.com
