Innovate faster and cut risk with PHP experts from Zend Services.
Beginning to advanced PHP classes to learn and earn global certification.
Help me choose >
Submit support requests and browse self-service resources.
Global buffer-overflow in mbfl_filt_conv_big5_wchar function
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14, and 7.4.x below 7.4.2, it is possible to supply data that will cause the underlying C function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
Upgrade to PHP &.2.27 or higher, 7.3.14 or higher, or 7.4.2 or higher.
Direct link to CVE-2020-7060 >
< View all CVEs