Memory Access Vulnerability in PHP's urldecode() Function

CVE-2020-7067 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), the urldecode() function can be made to access locations past the allocated memory because it erroneously uses signed numbers as array indexes.
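The bug class named above, signed values used as array indexes, is shown here in an added C example that is not PHP's source code. The table `xlate`, its identity contents and the sample byte 0xE9 are constructed for illustration; the example computes the index a signed byte would produce without performing the out-of-bounds access, next to the hardened form that converts to `unsigned char` first.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical 256-entry translation table standing in for a character-set
 * map; identity contents, constructed for this example. */
static unsigned char xlate[256];
static int xlate_ready = 0;

/* Buggy pattern: the decoded byte is held in a signed type, so values
 * >= 0x80 become negative and the index falls outside the table.
 * Returns the index that would be used; it does not perform the access. */
static ptrdiff_t index_signed(signed char c) {
    return (ptrdiff_t)c;
}

/* Hardened pattern: convert to unsigned char first, so the index is 0..255. */
static ptrdiff_t index_unsigned(signed char c) {
    return (ptrdiff_t)(unsigned char)c;
}

/* Returns 1 if idx is a valid subscript for xlate, else 0. */
static int in_bounds(ptrdiff_t idx) {
    return idx >= 0 && idx < (ptrdiff_t)sizeof xlate;
}

/* Safe lookup built on the hardened index; fills the table on first use. */
static unsigned char lookup(signed char c) {
    if (!xlate_ready) {
        for (int i = 0; i < 256; i++) xlate[i] = (unsigned char)i;
        xlate_ready = 1;
    }
    return xlate[(unsigned char)c];
}

int main(void) {
    signed char b = (signed char)0xE9; /* constructed: byte from a %E9 escape */
    printf("signed index   %td in bounds: %d\n",
           index_signed(b), in_bounds(index_signed(b)));
    printf("unsigned index %td in bounds: %d\n",
           index_unsigned(b), in_bounds(index_unsigned(b)));
    printf("safe lookup    0x%02X\n", lookup(b));
    return 0;
}
```

Compilers can flag the buggy pattern when the subscript has type `char` (GCC and Clang: `-Wchar-subscripts`, included in `-Wall`).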
