When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
https://bugs.php.net/bug.php?id=79037
https://seclists.org/bugtraq/2020/Feb/27
https://www.debian.org/security/2020/dsa-4626
https://usn.ubuntu.com/4279-1/
https://seclists.org/bugtraq/2020/Feb/31
https://www.debian.org/security/2020/dsa-4628
https://security.netapp.com/advisory/ntap-20200221-0002/
https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html
https://security.gentoo.org/glsa/202003-57
https://www.oracle.com/security-alerts/cpujul2020.html
https://seclists.org/bugtraq/2021/Jan/3
Source: MITRE
Published: 2020-02-10
Updated: 2022-07-01
Type: CWE-125
Base Score: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact Score: 4.9
Exploitability Score: 10
Severity: MEDIUM
Base Score: 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Impact Score: 5.2
Exploitability Score: 3.9
Severity: CRITICAL