When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: php

Published: 2020-02-10T07:45:13.921535Z

Updated: 2024-09-17T02:37:14.052Z

Reserved: 2020-01-15T00:00:00

Link: CVE-2020-7059

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-02-10T08:15:12.673

Modified: 2024-11-21T05:36:35.167

Link: CVE-2020-7059

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-01-23T00:00:00Z

Links: CVE-2020-7059 - Bugzilla