#VU25110 Out-of-bounds read in PHP


Published: 2020-02-10 | Updated: 2020-10-26

Vulnerability identifier: #VU25110

Vulnerability risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7060

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when using certain "mbstring" functions to convert multibyte encodings. A remote attacker can supply data that will cause function "mbfl_filt_conv_big5_wchar" to read past the allocated buffer, trigger out-of-bounds read error and read contents of memory on the system or crash the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

PHP: 7.2.0 - 7.2.26, 7.3.0 - 7.3.13, 7.4.0 - 7.4.1

External links
http://bugs.php.net/bug.php?id=79037

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Tenable.sc
openEuler 20.03 LTS SP1 update for php
openEuler 20.03 LTS update for php
Red Hat Software Collections 1 for RHEL 7.7 update for rh-php73-php
Out-of-bounds read in Oracle Communications Diameter Signaling Router (DSR)
Gentoo update for PHP
OpenSUSE Linux update for php7
Amazon Linux AMI update for php73
Amazon Linux AMI update for php72
Debian update for php7.0