Details of VAR-202004-2062

ID

VAR-202004-2062

CVE

CVE-2020-7067

TITLE

PHP Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004899

DESCRIPTION

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes. PHP Exists in an out-of-bounds read vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A buffer error vulnerability exists in the 'urldecode()' function in PHP 7.2.x prior to 7.2.30, 7.3.x prior to 7.3.17, and 7.4.x prior to 7.4.5. An attacker could exploit this vulnerability to obtain sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4719-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 06, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php7.3 CVE ID : CVE-2019-11048 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 CVE-2020-7067 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or potentially the execution of arbitrary code. For the stable distribution (buster), these problems have been fixed in version 7.3.19-1~deb10u1. We recommend that you upgrade your php7.3 packages. For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8DlcBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TPrg/+O/2SmuM/9AdyHAnRu7SJ0dlkEkF+FIR8SI2O7orDVLMYuNMdzN6oW9e4 oe+hhFE2iIOcl5lskxXLcnmd30izBxJXq+xJ000k6O0AfRZgVul+OTl5zDUJRKod Y1BuoVt2wUw0BT8V2FjYfu8XTGvDVqQVxc/GuZFExI6OkNcj0WFgdMP0wGu1VRxw FExRyZVHlATSVdH04gMI9BK1B4BVNZh05Qwb8bDD5sO16eamXIR6peuES1OJ4jUn YOfUMP2UgVLBywvHe+5VuXIW2AFj02Aw3Zl9Dgw2QTdylJs+ttf30NKWZP44/VFK wuyZa4y7tq2H31w9LBIvWIogYWe6CZYQeCvpVgSkLQwptRXqFSRC9OPTSKCKqnhN x8DXvLj6MzSO3jokZOLxxO473RGnV+WE1jgZ6LWK5LY8h5HjH5xPkef9v4UBpDQ/ UlEtEwMwceZK2jh3aI3yPoWQ2LIXASBe4+u1bG7Iln31MpTWJ/AdZ0sxWgGX1VqT JevU0IqRdKTX5kY8dE6mlje5G15AG1dNFigeWLHMZ1rJ/VSb2kiM4vrqL1lNBZwe jvsbpnyII4OeL/Zc7fEBnnKtzdDdu6PSv8aI1gSnFQCflMx8/nUbbWxu4J4HxGcW EZg1p2IaCW0hVTMhCwFTDH2EgseAS23XwloXp0i49FM23eJwuMM= =CeOY -----END PGP SIGNATURE-----

Trust: 2.52

sources: NVD: CVE-2020-7067 // JVNDB: JVNDB-2020-004899 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-185192 // VULMON: CVE-2020-7067 // PACKETSTORM: 168864 // PACKETSTORM: 168881

AFFECTED PRODUCTS

vendor:	tenable	model:	tenable.sc	scope:	lt	version:	5.19.0	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	7.3.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0.0	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	7.2.30	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	7.4.5	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	7.3.17	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.4.0.5	Trust: 1.0
vendor:	the php group	model:	php	scope:	eq	version:	7.2.30 の 7.2.x	Trust: 0.8
vendor:	the php group	model:	php	scope:	eq	version:	7.3.17 の 7.3.x	Trust: 0.8
vendor:	the php group	model:	php	scope:	eq	version:	7.4.5 の 7.4.x	Trust: 0.8

sources: JVNDB: JVNDB-2020-004899 // NVD: CVE-2020-7067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7067
value:	HIGH
Trust: 1.0
security@php.net:	CVE-2020-7067
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-004899
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202004-1407
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-185192
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-7067
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-7067
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-004899
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-185192
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-7067
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-004899
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-185192 // VULMON: CVE-2020-7067 // JVNDB: JVNDB-2020-004899 // CNNVD: CNNVD-202004-1407 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-7067 // NVD: CVE-2020-7067

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.9
problemtype:	CWE-196	Trust: 1.0

sources: VULHUB: VHN-185192 // JVNDB: JVNDB-2020-004899 // NVD: CVE-2020-7067

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1407

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1407

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004899

PATCH

title:	Sec Bug #79465	url:	https://bugs.php.net/bug.php?id=79465	Trust: 0.8
title:	PHP Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116907	Trust: 0.6
title:	Amazon Linux AMI: ALAS-2020-1367	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1367	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2020-1368	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1368	Trust: 0.1
title:	Debian Security Advisories: DSA-4717-1 php7.0 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a27709c513fb18e7ddf6a588532d9735	Trust: 0.1
title:	Debian Security Advisories: DSA-4719-1 php7.3 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=cf2756dc65762c0fef76f47a73a2324a	Trust: 0.1
title:	Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-14	Trust: 0.1
title:	php7-internals	url:	https://github.com/0xbigshaq/php7-internals	Trust: 0.1
title:	-	url:	https://github.com/imhunterand/hackerone-publicy-disclosed	Trust: 0.1

sources: VULMON: CVE-2020-7067 // JVNDB: JVNDB-2020-004899 // CNNVD: CNNVD-202004-1407

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7067	Trust: 2.8
db:	TENABLE	id:	TNS-2021-14	Trust: 1.8
db:	JVNDB	id:	JVNDB-2020-004899	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-1407	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1446	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4296	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2307	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2515	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2296	Trust: 0.6
db:	CS-HELP	id:	SB2021072292	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-185192	Trust: 0.1
db:	VULMON	id:	CVE-2020-7067	Trust: 0.1
db:	PACKETSTORM	id:	168864	Trust: 0.1
db:	PACKETSTORM	id:	168881	Trust: 0.1

sources: VULHUB: VHN-185192 // VULMON: CVE-2020-7067 // JVNDB: JVNDB-2020-004899 // PACKETSTORM: 168864 // PACKETSTORM: 168881 // CNNVD: CNNVD-202004-1407 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-7067

REFERENCES

url:	https://www.tenable.com/security/tns-2021-14	Trust: 1.8
url:	https://bugs.php.net/bug.php?id=79465	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20200504-0001/	Trust: 1.8
url:	https://www.debian.org/security/2020/dsa-4717	Trust: 1.8
url:	https://www.debian.org/security/2020/dsa-4719	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7067	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7067	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1446/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-vulnerable-to-sensitive-information-leak-php-cve-2020-7067/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072292	Trust: 0.6
url:	https://vigilance.fr/vulnerability/php-multiple-vulnerabilities-32047	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2307/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2515	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2296/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4296/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7064	Trust: 0.2
url:	https://www.debian.org/security/faq	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7066	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7062	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11048	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7063	Trust: 0.2
url:	https://www.debian.org/security/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/0xbigshaq/php7-internals	Trust: 0.1
url:	https://alas.aws.amazon.com/alas-2020-1367.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7065	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/php7.3	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/php7.0	Trust: 0.1

CREDITS

Debian

Trust: 0.2

sources: PACKETSTORM: 168864 // PACKETSTORM: 168881

SOURCES

db:	VULHUB	id:	VHN-185192
db:	VULMON	id:	CVE-2020-7067
db:	JVNDB	id:	JVNDB-2020-004899
db:	PACKETSTORM	id:	168864
db:	PACKETSTORM	id:	168881
db:	CNNVD	id:	CNNVD-202004-1407
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2020-7067

LAST UPDATE DATE

2024-08-14T12:22:00.523000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-185192	date:	2022-05-16T00:00:00
db:	VULMON	id:	CVE-2020-7067	date:	2022-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-004899	date:	2020-06-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-1407	date:	2022-05-17T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2020-7067	date:	2022-05-16T19:57:47.077

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-185192	date:	2020-04-27T00:00:00
db:	VULMON	id:	CVE-2020-7067	date:	2020-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-004899	date:	2020-06-01T00:00:00
db:	PACKETSTORM	id:	168864	date:	2020-07-28T19:12:00
db:	PACKETSTORM	id:	168881	date:	2020-07-28T19:12:00
db:	CNNVD	id:	CNNVD-202004-1407	date:	2020-04-16T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2020-7067	date:	2020-04-27T21:15:14.593