BIT-php-2020-7060

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/php/BIT-php-2020-7060.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-php-2020-7060
Aliases
Published
2024-03-06T11:07:44.182Z
Modified
2024-11-27T19:40:48.342Z
Summary
[none]
Details

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbflfiltconvbig5wchar to read past the allocated buffer. This may lead to information disclosure or crash.

Database specific
{
    "cpes": [
        "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / php

Package

Name
php
Purl
pkg:bitnami/php

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
7.2.0
Fixed
7.2.27
Introduced
7.3.0
Fixed
7.3.14
Introduced
7.4.0
Fixed
7.4.2