When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
https://bugs.php.net/bug.php?id=79099
https://seclists.org/bugtraq/2020/Feb/27
https://www.debian.org/security/2020/dsa-4626
https://usn.ubuntu.com/4279-1/
https://seclists.org/bugtraq/2020/Feb/31
https://www.debian.org/security/2020/dsa-4628
https://security.netapp.com/advisory/ntap-20200221-0002/
https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html
https://security.gentoo.org/glsa/202003-57
https://www.oracle.com/security-alerts/cpujul2020.html
https://seclists.org/bugtraq/2021/Jan/3
Source: MITRE
Published: 2020-02-10
Updated: 2022-07-01
Type: CWE-125
Base Score: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 10
Severity: MEDIUM
Base Score: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Impact Score: 5.2
Exploitability Score: 3.9
Severity: CRITICAL