Description
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
Remediation
References
Related Vulnerabilities
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5741)
PHP Other Vulnerability (CVE-2005-3390)
WordPress Plugin WP DSGVO Tools (GDPR) PHP Object Injection (2.0.4)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-28644)
WordPress Plugin Photoracer 'id' Parameter SQL Injection (1.0)