Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full
Vulnerability Description
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
PHP 缓冲区错误漏洞
Vulnerability Description
PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHPGroup和开放源代码社区的共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发,支持多种数据库及操作系统。 PHP 7.3.16之前的7.3.x版本和7.4.4之前的7.4.x版本中存在缓冲区错误漏洞。攻击者可利用该漏洞导致内存损坏,崩溃以及代码执行。
CVSS Information
N/A
Vulnerability Type
N/A