CVE-2020-7060

Name
CVE-2020-7060
Description
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
NVD Severity
high

References

Type URI
Exploit https://bugs.php.net/bug.php?id=79037
BUGTRAQ https://seclists.org/bugtraq/2020/Feb/27
DEBIAN https://www.debian.org/security/2020/dsa-4626
UBUNTU https://usn.ubuntu.com/4279-1/
BUGTRAQ https://seclists.org/bugtraq/2020/Feb/31
DEBIAN https://www.debian.org/security/2020/dsa-4628
CONFIRM https://security.netapp.com/advisory/ntap-20200221-0002/
MLIST https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html
GENTOO https://security.gentoo.org/glsa/202003-57
MISC https://www.oracle.com/security-alerts/cpujul2020.html
BUGTRAQ https://seclists.org/bugtraq/2021/Jan/3
MISC https://www.oracle.com/security-alerts/cpuApr2021.html
CONFIRM https://www.tenable.com/security/tns-2021-14

Match rules

CPE URI                            Source package  Min version  Max version
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*  php             >= 7.2.0     < 7.2.27
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*  php             >= 7.3.0     < 7.3.14
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*  php             >= 7.4.0     < 7.4.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status