Total vulnerabilities in the database
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
| Software | From | Fixed in |
|---|---|---|
| php / php | 7.3.0 | 7.3.16 |
| php / php | 7.4.0 | 7.4.4 |
| debian / debian_linux | 10.0 | 10.0.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 19.10 | 19.10.x |
| canonical / ubuntu_linux | 20.04 | 20.04.x |
| tenable / tenable.sc | - | 5.19.0 |