CVE-2020-7065
mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
We have discovered 413,355 live websites that are affected by CVE-2020-7065.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 413,355 live websites (3.42% of PHP install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2020-7065 and the relative popularity of websitesDetails
- Published - Mar 17, 2020
- Updated - Oct 20, 2021
Credits
- anatoly dot trosinenko at gmail dot com
CWE
CVE References
CWE References
Countries
 United States | 95,940 websites |
 France | 204,444 websites |
 Russia | 9,599 websites |
 Belgium | 9,415 websites |
 Poland | 8,932 websites |
 Italy | 8,085 websites |
 Germany | 7,793 websites |
 China | 7,685 websites |
 Spain | 6,745 websites |
 Canada | 5,362 websites |
TLDs
| .com | 190,079 websites |
| .fr | 91,337 websites |
| .org | 19,859 websites |
| .net | 12,409 websites |
| .be | 10,584 websites |
| .ru | 8,427 websites |
| .pl | 7,068 websites |
| .it | 6,245 websites |
| .de | 4,768 websites |
| .eu | 4,403 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2020-7065 through included software libraries and plugins.References
- https://usn.ubuntu.com/4330-1/
- https://usn.ubuntu.com/4330-2/
- https://www.debian.org/security/2020/dsa-4719
- https://security.netapp.com/advisory/ntap-20200403-0001/
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://bugs.php.net/bug.php?id=79371
- https://www.php.net/ChangeLog-7.php#7.4.4
- https://www.tenable.com/security/tns-2021-14
Websites affected by CVE-2020-7065
Top websites that are affected by CVE-2020-7065. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.pl | Poland | *,*** | |
| *******.com | Germany | *,*** | |
| ******.com | France | *,*** | |
| **********.com | France | *,*** | |
| ***.*********.com | United States | *,*** | |
| ************.org | France | *,*** | |
| ******.com | United States | *,*** | |
| ***.******.com | France | *,*** | |
| ***.****.com | Spain | *,*** | |
| ***.*********.com | United States | *,*** |