Bug 1820627 (CVE-2020-7065)
Summary: | CVE-2020-7065 php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | fedora, hhorak, jorton, kyoshida, nduffy, rcollet, security-response-team, tcrider, webstack-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | php 7.3.16, php 7.4.4 | Doc Type: | If docs needed, set a value |
Doc Text: |
A vulnerability was found in PHP while using the mb_strtolower() function with UTF-32LE encoding, where certain invalid strings cause PHP to overwrite the stack-allocated buffer. This flaw leads to memory corruption, crashes, and potential code execution.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-09-08 13:19:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1820629, 1821129, 1821130, 1857713 | ||
Bug Blocks: | 1820607 |
Description
Dhananjay Arunesh
2020-04-03 13:31:08 UTC
Created php tracking bugs for this issue: Affects: fedora-all [bug 1820629] -A vulnerability was found in PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34 +A vulnerability was found in PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4 It is difficult to trigger these issues in production code, and also depends on the way the PHP script is written. Therefore this issue has been downgraded to having moderate impact. Upstream patch: http://git.php.net/?p=php-src.git;a=commit;h=69155120e68d2e614d5c300974a1a5610cfa2e8b External References: https://www.php.net/ChangeLog-7.php#PHP_7_3 https://www.php.net/ChangeLog-7.php#PHP_7_4 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3662 https://access.redhat.com/errata/RHSA-2020:3662 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-7065 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2020:5275 https://access.redhat.com/errata/RHSA-2020:5275 |