In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
Max CVSS
8.8
EPSS Score
0.50%
Published
2020-04-01
Updated
2021-12-02
1 vulnerabilities found