#VU26260 Stack-based buffer overflow in PHP - CVE-2020-7065


Vulnerability identifier: #VU26260

Vulnerability risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-7065

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within php_unicode_tolower_full() function, as demonstrated by the mb_strtolower() call. A remote attacker can pass specially crafted data to the application that uses affected function, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

PHP: 7.3.0alpha1 - 7.3.15, 7.4.0 - 7.4.3

External links
https://bugs.php.net/bug.php?id=79371
https://www.php.net/ChangeLog-7.php#7.3.16
https://www.php.net/ChangeLog-7.php#7.4.4

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Tenable.sc
Red Hat Software Collections 1 for RHEL 7.7 update for rh-php73-php
Red Hat Enterprise Linux 8 update for the php:7.3 module
Debian update for php7.3
Amazon Linux AMI update for php73
Ubuntu update for PHP
Gentoo update for PHP
Multiple vulnerabilities in PHP
Stack-based buffer overflow in php7 (Alpine package)
Fedora 32 update for php