CVE-2020-7065
mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, when the mb_strtolower() function is used with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite a stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
We have discovered 413,355 live websites that are affected by CVE-2020-7065.
Affected Software
| | |
|---|---|
| Product | PHP |
| Category | Programming Languages |
| Vulnerable Versions | from 7.3 before 7.3.16; from 7.4 before 7.4.4 |
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 413,355 live websites (3.42% of PHP install base) |
Common Weakness Enumeration
CWE-121 Stack-based Buffer Overflow
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2020-7065 and the relative popularity of websites