Description

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

Remediation

References

CVE-2020-7060

Related Vulnerabilities

Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.10)

Oracle JRE CVE-2022-21291 Vulnerability (CVE-2022-21291)

WordPress Plugin UpdraftPlus WordPress Backup Security Bypass (1.9.50)

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.15)

WordPress Plugin SEO by Squirrly SEO Multiple Unspecified Vulnerabilities (6.1.4)

Severity

Critical

Classification

CVE-2020-7060 CWE-125 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Tags

Missing Update Known Vulnerabilities