VYPR
High severity7.5NVD Advisory· Published Apr 27, 2020· Updated Jun 17, 2026

CVE-2020-7067

CVE-2020-7067

Description

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • PHP/PHPllm-fuzzy2 versions
    <7.2.30, <7.3.17, <7.4.5+ 1 more
    • (no CPE)range: <7.2.30, <7.3.17, <7.4.5
    • (no CPE)range: 7.2.x below 7.2.30
  • osv-coords3 versions
    >= 7.2.0, < 7.2.30+ 2 more
    • (no CPE)range: >= 7.2.0, < 7.2.30
    • (no CPE)range: >= 7.2.0, < 7.2.30
    • (no CPE)range: >= 7.2.0, < 7.2.30

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.