PHP is vulnerable to remote code execution (RCE). While using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
CPE | Name | Operator | Version |
---|---|---|---|
php7:3.11 | eq | 7.3.15-r0 | |
rh-php73-php | eq | 7.3.11__1.el7 | |
php7:edge | eq | 7.3.15-r2 | |
php7:3.11 | eq | 7.3.15-r0 | |
rh-php73-php | eq | 7.3.11__1.el7 | |
php7:edge | eq | 7.3.15-r2 |