Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-7060

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.php.net/b...
BUGTRAQ: 20200218 [SECURITY] [D...
DEBIAN: DSA-4626
UBUNTU: USN-4279-1
BUGTRAQ: 20200219 [SECURITY] [D...
DEBIAN: DSA-4628
CONFIRM: https://security.netap...
MLIST: [debian-lts-announce] ...
SUSE: openSUSE-SU-2020:0341
GENTOO: GLSA-202003-57
MISC: https://www.oracle.com...
BUGTRAQ: 20210116 Re: [SECURITY...
MISC: https://www.oracle.com...
CONFIRM: https://www.tenable.co...

Launchpad.net

CVE 2020-7060

Related bugs

References