PHP versions 7.3.x below 7.3.16 suffers from out-of-bounds write vulnerability.
The information has been provided by Vendor
The original article can be found at:https://bugs.php.net/bug.php?id=79371
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
PHP versions 7.3.x below 7.3.16
PHP versions 7.4.x below 7.4.34