Innovate faster and cut risk with PHP experts from Zend Services.
Explore Services
See How Zend Helps Leading Hosting Providers Keep Their Managed Sites on Secure PHP
Read More
Learn PHP from PHP experts with free, on-demand, and instructor led courses.
Explore Training
Submit support requests and browse self-service resources.
Explore Support
out-of-bounds read when using a malformed url-encoded string
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17, and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), the urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
urldecode()
Upgrade to PHP 7.2.30 or above, 7.3.17 or above, or 7.4.5 or above.
Direct link to CVE-2020-7067 >
< View all CVEs