In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. CREATE(Triage):(User=admin) [CVE-2020-7065|https://nvd.nist.gov/vuln/detail/CVE-2020-7065]