In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: php
Published: 2020-04-27T20:38:39.634265Z
Updated: 2024-09-17T02:21:12.549Z
Reserved: 2020-01-15T00:00:00
Link: CVE-2020-7067
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-04-27T21:15:14.593
Modified: 2024-11-21T05:36:36.513
Link: CVE-2020-7067
Redhat