In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: php

Published: 2020-04-27T20:38:39.634265Z

Updated: 2024-09-17T02:21:12.549Z

Reserved: 2020-01-15T00:00:00

Link: CVE-2020-7067

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-04-27T21:15:14.593

Modified: 2024-11-21T05:36:36.513

Link: CVE-2020-7067

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-04-10T00:00:00Z

Links: CVE-2020-7067 - Bugzilla