CVE-2020-7065

Public Exploit

mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full

Description

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.

References

Link	Tags
https://usn.ubuntu.com/4330-1/	third party advisory vendor advisory
https://usn.ubuntu.com/4330-2/	third party advisory vendor advisory
https://www.debian.org/security/2020/dsa-4719	third party advisory vendor advisory
https://security.netapp.com/advisory/ntap-20200403-0001/	third party advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	third party advisory patch
https://bugs.php.net/bug.php?id=79371	patch exploit vendor advisory issue tracking
https://www.php.net/ChangeLog-7.php#7.4.4	release notes vendor advisory
https://www.tenable.com/security/tns-2021-14	third party advisory

Frequently Asked Questions

What is the severity of CVE-2020-7065?: CVE-2020-7065 has been scored as a high severity vulnerability.
How to fix CVE-2020-7065?: To fix CVE-2020-7065, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-7065 being actively exploited in the wild?: It is possible that CVE-2020-7065 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~9% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-7065?: CVE-2020-7065 affects PHP Group PHP.

Description

Categories

CWE-121 – Stack-based Buffer Overflow

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions