cvelistv5 - cve-2020-7067

cve-2020-7067

Vulnerability from cvelistv5

Published

2020-04-27 20:38

Modified

2024-09-17 02:21

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
[email protected]	https://bugs.php.net/bug.php?id=79465	Exploit, Vendor Advisory
[email protected]	https://security.netapp.com/advisory/ntap-20200504-0001/	Third Party Advisory
[email protected]	https://www.debian.org/security/2020/dsa-4717	Third Party Advisory
[email protected]	https://www.debian.org/security/2020/dsa-4719	Third Party Advisory
[email protected]	https://www.oracle.com/security-alerts/cpuApr2021.html	Not Applicable, Third Party Advisory
[email protected]	https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
[email protected]	https://www.tenable.com/security/tns-2021-14	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=79465	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200504-0001/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4717	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4719	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuApr2021.html	Not Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/tns-2021-14	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	PHP Group	PHP	Version: 7.2.x below 7.2.30 Version: 7.3.x below 7.3.17 and 7.4.x below 7.4.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4717",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4717"
          },
          {
            "name": "DSA-4719",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4719"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=79465"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.x below 7.2.30"
            },
            {
              "status": "affected",
              "version": "7.3.x below 7.3.17 and 7.4.x below 7.4.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "bigshaq at wearehackerone dot com"
        }
      ],
      "datePublic": "2020-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-196",
              "description": "CWE-196 Unsigned to Signed Conversion Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-22T17:07:31",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "name": "DSA-4717",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4717"
        },
        {
          "name": "DSA-4719",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4719"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=79465"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-14"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=79465"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "OOB Read in urldecode()",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "[email protected]",
          "DATE_PUBLIC": "2020-04-14T03:10:00.000Z",
          "ID": "CVE-2020-7067",
          "STATE": "PUBLIC",
          "TITLE": "OOB Read in urldecode()"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHP",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.2.x below 7.2.30"
                          },
                          {
                            "version_value": "7.3.x below 7.3.17 and 7.4.x below 7.4.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Group"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "bigshaq at wearehackerone dot com"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125 Out-of-bounds Read"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-196 Unsigned to Signed Conversion Error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4717",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4717"
            },
            {
              "name": "DSA-4719",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4719"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=79465",
              "refsource": "CONFIRM",
              "url": "https://bugs.php.net/bug.php?id=79465"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200504-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugs.php.net/bug.php?id=79465"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2020-7067",
    "datePublished": "2020-04-27T20:38:39.634265Z",
    "dateReserved": "2020-01-15T00:00:00",
    "dateUpdated": "2024-09-17T02:21:12.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-7067\",\"sourceIdentifier\":\"[email protected]\",\"published\":\"2020-04-27T21:15:14.593\",\"lastModified\":\"2024-11-21T05:36:36.513\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.\"},{\"lang\":\"es\",\"value\":\"En PHP versiones 7.2.x por debajo de 7.2.30, versiones 7.3.x debajo de 7.3.17 y versiones 7.4.x por debajo de 7.4.5, si PHP es compilado con soporte EBCDIC (poco com\u00fan), la funci\u00f3n urldecode() puede ser hecha para acceder a ubicaciones m\u00e1s all\u00e1 del memoria asignada, debido al uso err\u00f3neo de n\u00fameros con signo como \u00edndices de matriz.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"[email protected]\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"[email protected]\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"[email protected]\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"[email protected]\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-196\"}]},{\"source\":\"[email protected]\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.2.30\",\"matchCriteriaId\":\"BCA61CC4-F137-461B-8B8A-3EC3F502BF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3.0\",\"versionEndExcluding\":\"7.3.17\",\"matchCriteriaId\":\"461B71F9-8BE5-4E97-807E-03D180AC6122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.5\",\"matchCriteriaId\":\"AE8B571C-CCD8-418D-A29A-D9EBC06CAE2D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.19.0\",\"matchCriteriaId\":\"41DBA7C7-8084-45F6-B59D-13A9022C34DF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0.0\",\"versionEndIncluding\":\"8.4.0.5\",\"matchCriteriaId\":\"12981AA7-BBF6-4158-8F7D-9DD3880FDCC1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://bugs.php.net/bug.php?id=79465\",\"source\":\"[email protected]\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200504-0001/\",\"source\":\"[email protected]\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4717\",\"source\":\"[email protected]\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4719\",\"source\":\"[email protected]\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"[email protected]\",\"tags\":[\"Not Applicable\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"[email protected]\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"[email protected]\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.php.net/bug.php?id=79465\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20200504-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4719\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

gsd-2020-7067

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2020-7067

Aliases

CVE-2020-7067

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-7067",
    "description": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.",
    "id": "GSD-2020-7067",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-7067.html",
      "https://www.debian.org/security/2020/dsa-4719",
      "https://www.debian.org/security/2020/dsa-4717",
      "https://advisories.mageia.org/CVE-2020-7067.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2020-7067.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-7067"
      ],
      "details": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.",
      "id": "GSD-2020-7067",
      "modified": "2023-12-13T01:21:52.012156Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "[email protected]",
        "DATE_PUBLIC": "2020-04-14T03:10:00.000Z",
        "ID": "CVE-2020-7067",
        "STATE": "PUBLIC",
        "TITLE": "OOB Read in urldecode()"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "PHP",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.2.x below 7.2.30"
                        },
                        {
                          "version_value": "7.3.x below 7.3.17 and 7.4.x below 7.4.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "PHP Group"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "bigshaq at wearehackerone dot com"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-125 Out-of-bounds Read"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-196 Unsigned to Signed Conversion Error"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-4717",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4717"
          },
          {
            "name": "DSA-4719",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4719"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "https://bugs.php.net/bug.php?id=79465",
            "refsource": "CONFIRM",
            "url": "https://bugs.php.net/bug.php?id=79465"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20200504-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "name": "https://www.tenable.com/security/tns-2021-14",
            "refsource": "CONFIRM",
            "url": "https://www.tenable.com/security/tns-2021-14"
          }
        ]
      },
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=79465"
        ],
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.5",
                "versionStartIncluding": "7.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3.17",
                "versionStartIncluding": "7.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.2.30",
                "versionStartIncluding": "7.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.19.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.4.0.5",
                "versionStartIncluding": "8.0.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "[email protected]",
          "ID": "CVE-2020-7067"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.php.net/bug.php?id=79465",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://bugs.php.net/bug.php?id=79465"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200504-0001/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
            },
            {
              "name": "DSA-4717",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4717"
            },
            {
              "name": "DSA-4719",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4719"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "tags": [
                "Not Applicable",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-05-16T19:57Z",
      "publishedDate": "2020-04-27T21:15Z"
    }
  }
}

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes. PHP Exists in an out-of-bounds read vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A buffer error vulnerability exists in the 'urldecode()' function in PHP 7.2.x prior to 7.2.30, 7.3.x prior to 7.3.17, and 7.4.x prior to 7.4.5. An attacker could exploit this vulnerability to obtain sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Debian Security Advisory DSA-4719-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 06, 2020 https://www.debian.org/security/faq

Package : php7.3 CVE ID : CVE-2019-11048 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 CVE-2020-7067

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or potentially the execution of arbitrary code.

For the stable distribution (buster), these problems have been fixed in version 7.3.19-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: [email protected] -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8DlcBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TPrg/+O/2SmuM/9AdyHAnRu7SJ0dlkEkF+FIR8SI2O7orDVLMYuNMdzN6oW9e4 oe+hhFE2iIOcl5lskxXLcnmd30izBxJXq+xJ000k6O0AfRZgVul+OTl5zDUJRKod Y1BuoVt2wUw0BT8V2FjYfu8XTGvDVqQVxc/GuZFExI6OkNcj0WFgdMP0wGu1VRxw FExRyZVHlATSVdH04gMI9BK1B4BVNZh05Qwb8bDD5sO16eamXIR6peuES1OJ4jUn YOfUMP2UgVLBywvHe+5VuXIW2AFj02Aw3Zl9Dgw2QTdylJs+ttf30NKWZP44/VFK wuyZa4y7tq2H31w9LBIvWIogYWe6CZYQeCvpVgSkLQwptRXqFSRC9OPTSKCKqnhN x8DXvLj6MzSO3jokZOLxxO473RGnV+WE1jgZ6LWK5LY8h5HjH5xPkef9v4UBpDQ/ UlEtEwMwceZK2jh3aI3yPoWQ2LIXASBe4+u1bG7Iln31MpTWJ/AdZ0sxWgGX1VqT JevU0IqRdKTX5kY8dE6mlje5G15AG1dNFigeWLHMZ1rJ/VSb2kiM4vrqL1lNBZwe jvsbpnyII4OeL/Zc7fEBnnKtzdDdu6PSv8aI1gSnFQCflMx8/nUbbWxu4J4HxGcW EZg1p2IaCW0hVTMhCwFTDH2EgseAS23XwloXp0i49FM23eJwuMM= =CeOY -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-2062",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.17"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4.0.5"
      },
      {
        "model": "tenable.sc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "5.19.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.2.30"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.0"
      },
      {
        "model": "php",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.4.5"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.0.0.0"
      },
      {
        "model": "php",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "php",
        "version": "7.3.0"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.2.30 \u306e 7.2.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.3.17 \u306e 7.3.x"
      },
      {
        "model": "php",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "the php group",
        "version": "7.4.5 \u306e 7.4.x"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:php:php",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Debian",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "168864"
      },
      {
        "db": "PACKETSTORM",
        "id": "168881"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2020-7067",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "[email protected]",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-7067",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004899",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-185192",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "[email protected]",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-7067",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004899",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "[email protected]",
            "id": "CVE-2020-7067",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "[email protected]",
            "id": "CVE-2020-7067",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004899",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-1407",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-185192",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-7067",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes. PHP Exists in an out-of-bounds read vulnerability.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A buffer error vulnerability exists in the \u0027urldecode()\u0027 function in PHP 7.2.x prior to 7.2.30, 7.3.x prior to 7.3.17, and 7.4.x prior to 7.4.5. An attacker could exploit this vulnerability to obtain sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4719-1                   [email protected]\nhttps://www.debian.org/security/                     Salvatore Bonaccorso\nJuly 06, 2020                         https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : php7.3\nCVE ID         : CVE-2019-11048 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064\n                 CVE-2020-7065 CVE-2020-7066 CVE-2020-7067\n\nMultiple security issues were found in PHP, a widely-used open source\ngeneral purpose scripting language which could result in information\ndisclosure, denial of service or potentially the execution of arbitrary\ncode. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.3.19-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. \n\nFor the detailed security status of php7.3 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/php7.3\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: [email protected]\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8DlcBfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0TPrg/+O/2SmuM/9AdyHAnRu7SJ0dlkEkF+FIR8SI2O7orDVLMYuNMdzN6oW9e4\noe+hhFE2iIOcl5lskxXLcnmd30izBxJXq+xJ000k6O0AfRZgVul+OTl5zDUJRKod\nY1BuoVt2wUw0BT8V2FjYfu8XTGvDVqQVxc/GuZFExI6OkNcj0WFgdMP0wGu1VRxw\nFExRyZVHlATSVdH04gMI9BK1B4BVNZh05Qwb8bDD5sO16eamXIR6peuES1OJ4jUn\nYOfUMP2UgVLBywvHe+5VuXIW2AFj02Aw3Zl9Dgw2QTdylJs+ttf30NKWZP44/VFK\nwuyZa4y7tq2H31w9LBIvWIogYWe6CZYQeCvpVgSkLQwptRXqFSRC9OPTSKCKqnhN\nx8DXvLj6MzSO3jokZOLxxO473RGnV+WE1jgZ6LWK5LY8h5HjH5xPkef9v4UBpDQ/\nUlEtEwMwceZK2jh3aI3yPoWQ2LIXASBe4+u1bG7Iln31MpTWJ/AdZ0sxWgGX1VqT\nJevU0IqRdKTX5kY8dE6mlje5G15AG1dNFigeWLHMZ1rJ/VSb2kiM4vrqL1lNBZwe\njvsbpnyII4OeL/Zc7fEBnnKtzdDdu6PSv8aI1gSnFQCflMx8/nUbbWxu4J4HxGcW\nEZg1p2IaCW0hVTMhCwFTDH2EgseAS23XwloXp0i49FM23eJwuMM=\n=CeOY\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "db": "PACKETSTORM",
        "id": "168864"
      },
      {
        "db": "PACKETSTORM",
        "id": "168881"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-7067",
        "trust": 2.8
      },
      {
        "db": "TENABLE",
        "id": "TNS-2021-14",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1446",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4296",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2307",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2515",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2296",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072292",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-185192",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7067",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168864",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168881",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "PACKETSTORM",
        "id": "168864"
      },
      {
        "db": "PACKETSTORM",
        "id": "168881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      }
    ]
  },
  "id": "VAR-202004-2062",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:38:12.045000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Sec Bug #79465",
        "trust": 0.8,
        "url": "https://bugs.php.net/bug.php?id=79465"
      },
      {
        "title": "PHP Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116907"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1367",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1367"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1368",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1368"
      },
      {
        "title": "Debian Security Advisories: DSA-4717-1 php7.0 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a27709c513fb18e7ddf6a588532d9735"
      },
      {
        "title": "Debian Security Advisories: DSA-4719-1 php7.3 -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=cf2756dc65762c0fef76f47a73a2324a"
      },
      {
        "title": "Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-14"
      },
      {
        "title": "php7-internals",
        "trust": 0.1,
        "url": "https://github.com/0xbigshaq/php7-internals "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-196",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.tenable.com/security/tns-2021-14"
      },
      {
        "trust": 1.8,
        "url": "https://bugs.php.net/bug.php?id=79465"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2020/dsa-4717"
      },
      {
        "trust": 1.8,
        "url": "https://www.debian.org/security/2020/dsa-4719"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7067"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7067"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1446/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-vulnerable-to-sensitive-information-leak-php-cve-2020-7067/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072292"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/php-multiple-vulnerabilities-32047"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2307/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2515"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2296/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4296/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7064"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7066"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7062"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11048"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7063"
      },
      {
        "trust": 0.2,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/0xbigshaq/php7-internals"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/alas-2020-1367.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7065"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.3"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/php7.0"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "PACKETSTORM",
        "id": "168864"
      },
      {
        "db": "PACKETSTORM",
        "id": "168881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "db": "PACKETSTORM",
        "id": "168864"
      },
      {
        "db": "PACKETSTORM",
        "id": "168881"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-7067"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "date": "2020-04-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "date": "2020-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "date": "2020-07-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168864"
      },
      {
        "date": "2020-07-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168881"
      },
      {
        "date": "2020-04-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2020-04-27T21:15:14.593000",
        "db": "NVD",
        "id": "CVE-2020-7067"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-185192"
      },
      {
        "date": "2022-05-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-7067"
      },
      {
        "date": "2020-06-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      },
      {
        "date": "2022-05-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2024-11-21T05:36:36.513000",
        "db": "NVD",
        "id": "CVE-2020-7067"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP Out-of-bounds read vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004899"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-1407"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2020-7067

Vulnerability from fkie_nvd

Published

2020-04-27 21:15

Modified

2024-11-21 05:36

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
[email protected]	https://bugs.php.net/bug.php?id=79465	Exploit, Vendor Advisory
[email protected]	https://security.netapp.com/advisory/ntap-20200504-0001/	Third Party Advisory
[email protected]	https://www.debian.org/security/2020/dsa-4717	Third Party Advisory
[email protected]	https://www.debian.org/security/2020/dsa-4719	Third Party Advisory
[email protected]	https://www.oracle.com/security-alerts/cpuApr2021.html	Not Applicable, Third Party Advisory
[email protected]	https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
[email protected]	https://www.tenable.com/security/tns-2021-14	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=79465	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20200504-0001/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4717	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4719	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuApr2021.html	Not Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2020.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/tns-2021-14	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
php	php	*
php	php	*
php	php	*
tenable	tenable.sc	*
oracle	communications_diameter_signaling_router	*
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCA61CC4-F137-461B-8B8A-3EC3F502BF33",
              "versionEndExcluding": "7.2.30",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "461B71F9-8BE5-4E97-807E-03D180AC6122",
              "versionEndExcluding": "7.3.17",
              "versionStartIncluding": "7.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE8B571C-CCD8-418D-A29A-D9EBC06CAE2D",
              "versionEndExcluding": "7.4.5",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DBA7C7-8084-45F6-B59D-13A9022C34DF",
              "versionEndExcluding": "5.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12981AA7-BBF6-4158-8F7D-9DD3880FDCC1",
              "versionEndIncluding": "8.4.0.5",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes."
    },
    {
      "lang": "es",
      "value": "En PHP versiones 7.2.x por debajo de 7.2.30, versiones 7.3.x debajo de 7.3.17 y versiones 7.4.x por debajo de 7.4.5, si PHP es compilado con soporte EBCDIC (poco com\u00fan), la funci\u00f3n urldecode() puede ser hecha para acceder a ubicaciones m\u00e1s all\u00e1 del memoria asignada, debido al uso err\u00f3neo de n\u00fameros con signo como \u00edndices de matriz."
    }
  ],
  "id": "CVE-2020-7067",
  "lastModified": "2024-11-21T05:36:36.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "[email protected]",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "[email protected]",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "[email protected]",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-27T21:15:14.593",
  "references": [
    {
      "source": "[email protected]",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=79465"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4717"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4719"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=79465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "sourceIdentifier": "[email protected]",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-196"
        }
      ],
      "source": "[email protected]",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "[email protected]",
      "type": "Primary"
    }
  ]
}

ghsa-8hqm-3r2c-qg9c

Vulnerability from github

Published

2022-05-24 17:16

Modified

2022-05-24 17:16

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-7067"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-27T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.",
  "id": "GHSA-8hqm-3r2c-qg9c",
  "modified": "2022-05-24T17:16:37Z",
  "published": "2022-05-24T17:16:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7067"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=79465"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200504-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4717"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4719"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2020-7067

Vulnerability from cvelistv5

gsd-2020-7067

Vulnerability from gsd

var-202004-2062

Vulnerability from variot

fkie_cve-2020-7067

Vulnerability from fkie_nvd

ghsa-8hqm-3r2c-qg9c

Vulnerability from github

Tags

Sightings

Nomenclature