by using mb_strtolower() function with UTF-32LE encoding leads to potential code execution
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using the mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite a stack-allocated buffer. This could lead to memory corruption, crashes, and potentially code execution.
mb_strtolower()
Upgrade to 7.3.16 or above, or 7.4.4 or above.
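To check a host or an inventory list against the ranges above, the following added example (not Zend's or the PHP project's code) classifies version strings and reports whether the extension that provides mb_strtolower() is loaded. The function names and sample version strings are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; function names are hypothetical.
function cve20207065Status(string $version): string
{
    // Fixed releases per branch, taken from the advisory text.
    $fixedIn = ['7.3' => '7.3.16', '7.4' => '7.4.4'];

    // Compare on major.minor.patch only; suffixes such as "-4ubuntu2" or "RC1" are ignored.
    if (!preg_match('/^(\d+)\.(\d+)\.(\d+)/', $version, $m)) {
        return 'unknown';
    }
    $branch = $m[1] . '.' . $m[2];
    if (!isset($fixedIn[$branch])) {
        return 'not-listed'; // the advisory names only the 7.3 and 7.4 branches
    }
    $core = $branch . '.' . $m[3];
    return version_compare($core, $fixedIn[$branch], '<') ? 'affected' : 'fixed';
}

function hostReport(): array
{
    return [
        'php_version' => PHP_VERSION,
        'status'      => cve20207065Status(PHP_VERSION),
        // mb_strtolower() is provided by the mbstring extension.
        'mbstring'    => extension_loaded('mbstring'),
    ];
}

// Constructed sample version strings, e.g. from a package inventory.
foreach (['7.3.15', '7.3.16', '7.4.3-4ubuntu2', '7.4.4', '7.2.34', 'n/a'] as $v) {
    printf("%-16s %s\n", $v, cve20207065Status($v));
}

$r = hostReport();
printf(
    "this host: PHP %s status=%s mbstring=%s\n",
    $r['php_version'],
    $r['status'],
    $r['mbstring'] ? 'loaded' : 'not loaded'
);
```

A distribution build whose version carries a vendor suffix may include a backported fix, so confirm an "affected" result against the vendor's changelog before treating it as final.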
Direct link to CVE-2020-7065