Lucene search

K

GoogleOSV:CVE-2020-7060

HistoryFeb 10, 2020 - 8:15 a.m.

CVE-2020-7060

2020-02-1008:15:12

Google

osv.dev

7

AI Score

6.3

Confidence

Low

EPSS

0.004

Percentile

73.4%

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html

bugs.php.net/bug.php?id=79037

lists.debian.org/debian-lts-announce/2020/02/msg00030.html

seclists.org/bugtraq/2020/Feb/27

seclists.org/bugtraq/2020/Feb/31

seclists.org/bugtraq/2021/Jan/3

security.gentoo.org/glsa/202003-57

security.netapp.com/advisory/ntap-20200221-0002/

usn.ubuntu.com/4279-1/

www.debian.org/security/2020/dsa-4626

www.debian.org/security/2020/dsa-4628

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujul2020.html

www.tenable.com/security/tns-2021-14

AI Score

6.3

Confidence

Low

EPSS

0.004

Percentile

73.4%

Related for OSV:CVE-2020-7060

debiancve1 ubuntucve1 nvd1 alpinelinux1 cve1 osv6 redhatcve1 f51 veracode1 prion1 cvelist1 nessus38 openvas19 amazon2 mageia1 debian3 fedora2 altlinux3 ibm1 ubuntu2 suse1 gentoo1 redhat2 almalinux1 rocky1 oraclelinux1 oracle2