{"id":"BIT-libphp-2020-7065","summary":"mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full","details":"In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, when the mb_strtolower() function is used with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite a stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.","aliases":["BIT-php-2020-7065","BIT-php-min-2020-7065","CVE-2020-7065"],"modified":"2025-08-11T15:13:44.934855Z","published":"2025-08-11T13:53:07.698Z","database_specific":{"cpes":["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"],"severity":"High"},"references":[{"type":"WEB","url":"https://bugs.php.net/bug.php?id=79371"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7065"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20200403-0001/"},{"type":"WEB","url":"https://usn.ubuntu.com/4330-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4330-2/"},{"type":"WEB","url":"https://www.debian.org/security/2020/dsa-4719"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"type":"WEB","url":"https://www.php.net/ChangeLog-7.php#7.4.4"},{"type":"WEB","url":"https://www.tenable.com/security/tns-2021-14"}],"affected":[{"package":{"name":"libphp","ecosystem":"Bitnami","purl":"pkg:bitnami/libphp"},"ranges":[{"type":"SEMVER","events":[{"introduced":"7.3.0"},{"fixed":"7.3.16"},{"introduced":"7.4.0"},{"fixed":"7.4.4"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/libphp/BIT-libphp-2020-7065.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}],"schema_version":"1.7.3"}