ID

VAR-202004-2062


CVE

CVE-2020-7067


TITLE

Out-of-bounds read vulnerability in PHP

Trust: 0.8

sources: JVNDB: JVNDB-2020-004899

DESCRIPTION

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), the urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

PHP contains an out-of-bounds read vulnerability; information may be obtained.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A buffer error vulnerability exists in the 'urldecode()' function in PHP 7.2.x prior to 7.2.30, 7.3.x prior to 7.3.17, and 7.4.x prior to 7.4.5. An attacker could exploit this vulnerability to obtain sensitive information.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4719-1                   security@debian.org
https://www.debian.org/security/                       Salvatore Bonaccorso
July 06, 2020                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php7.3
CVE ID         : CVE-2019-11048 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064
                 CVE-2020-7065 CVE-2020-7066 CVE-2020-7067

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language which could result in information
disclosure, denial of service or potentially the execution of arbitrary
code.

For the stable distribution (buster), these problems have been fixed in
version 7.3.19-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl8DlcBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TPrg/+O/2SmuM/9AdyHAnRu7SJ0dlkEkF+FIR8SI2O7orDVLMYuNMdzN6oW9e4
oe+hhFE2iIOcl5lskxXLcnmd30izBxJXq+xJ000k6O0AfRZgVul+OTl5zDUJRKod
Y1BuoVt2wUw0BT8V2FjYfu8XTGvDVqQVxc/GuZFExI6OkNcj0WFgdMP0wGu1VRxw
FExRyZVHlATSVdH04gMI9BK1B4BVNZh05Qwb8bDD5sO16eamXIR6peuES1OJ4jUn
YOfUMP2UgVLBywvHe+5VuXIW2AFj02Aw3Zl9Dgw2QTdylJs+ttf30NKWZP44/VFK
wuyZa4y7tq2H31w9LBIvWIogYWe6CZYQeCvpVgSkLQwptRXqFSRC9OPTSKCKqnhN
x8DXvLj6MzSO3jokZOLxxO473RGnV+WE1jgZ6LWK5LY8h5HjH5xPkef9v4UBpDQ/
UlEtEwMwceZK2jh3aI3yPoWQ2LIXASBe4+u1bG7Iln31MpTWJ/AdZ0sxWgGX1VqT
JevU0IqRdKTX5kY8dE6mlje5G15AG1dNFigeWLHMZ1rJ/VSb2kiM4vrqL1lNBZwe
jvsbpnyII4OeL/Zc7fEBnnKtzdDdu6PSv8aI1gSnFQCflMx8/nUbbWxu4J4HxGcW
EZg1p2IaCW0hVTMhCwFTDH2EgseAS23XwloXp0i49FM23eJwuMM=
=CeOY
-----END PGP SIGNATURE-----

Trust: 2.52

sources: NVD: CVE-2020-7067 // JVNDB: JVNDB-2020-004899 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-185192 // VULMON: CVE-2020-7067 // PACKETSTORM: 168864 // PACKETSTORM: 168881

AFFECTED PRODUCTS

vendor: tenable; model: tenable.sc; scope: lt; version: 5.19.0

Trust: 1.0

vendor: php; model: php; scope: gte; version: 7.4.0

Trust: 1.0

vendor: php; model: php; scope: gte; version: 7.3.0

Trust: 1.0

vendor: oracle; model: communications diameter signaling router; scope: gte; version: 8.0.0.0

Trust: 1.0

vendor: php; model: php; scope: lt; version: 7.2.30

Trust: 1.0

vendor: php; model: php; scope: lt; version: 7.4.5

Trust: 1.0

vendor: debian; model: linux; scope: eq; version: 10.0

Trust: 1.0

vendor: php; model: php; scope: gte; version: 7.2.0

Trust: 1.0

vendor: php; model: php; scope: lt; version: 7.3.17

Trust: 1.0

vendor: debian; model: linux; scope: eq; version: 9.0

Trust: 1.0

vendor: oracle; model: communications diameter signaling router; scope: lte; version: 8.4.0.5

Trust: 1.0

vendor: the php group; model: php; scope: eq; version: 7.2.x below 7.2.30

Trust: 0.8

vendor: the php group; model: php; scope: eq; version: 7.3.x below 7.3.17

Trust: 0.8

vendor: the php group; model: php; scope: eq; version: 7.4.x below 7.4.5

Trust: 0.8

sources: JVNDB: JVNDB-2020-004899 // NVD: CVE-2020-7067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7067
value: HIGH

Trust: 1.0

security@php.net: CVE-2020-7067
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004899
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-1407
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-185192
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-7067
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-7067
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004899
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-185192
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-7067
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-004899
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-185192 // VULMON: CVE-2020-7067 // JVNDB: JVNDB-2020-004899 // CNNVD: CNNVD-202004-1407 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-7067 // NVD: CVE-2020-7067

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

problemtype:CWE-196

Trust: 1.0

sources: VULHUB: VHN-185192 // JVNDB: JVNDB-2020-004899 // NVD: CVE-2020-7067

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1407

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1407

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004899

PATCH

title: Sec Bug #79465; url: https://bugs.php.net/bug.php?id=79465

Trust: 0.8

title: PHP Buffer error vulnerability fix; url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116907

Trust: 0.6

title: Amazon Linux AMI: ALAS-2020-1367; url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1367

Trust: 0.1

title: Amazon Linux AMI: ALAS-2020-1368; url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1368

Trust: 0.1

title: Debian Security Advisories: DSA-4717-1 php7.0 -- security update; url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a27709c513fb18e7ddf6a588532d9735

Trust: 0.1

title: Debian Security Advisories: DSA-4719-1 php7.3 -- security update; url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=cf2756dc65762c0fef76f47a73a2324a

Trust: 0.1

title: Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities; url: https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-14

Trust: 0.1

title: php7-internals; url: https://github.com/0xbigshaq/php7-internals

Trust: 0.1

title: -; url: https://github.com/imhunterand/hackerone-publicy-disclosed

Trust: 0.1

sources: VULMON: CVE-2020-7067 // JVNDB: JVNDB-2020-004899 // CNNVD: CNNVD-202004-1407

EXTERNAL IDS

db: NVD; id: CVE-2020-7067

Trust: 2.8

db: TENABLE; id: TNS-2021-14

Trust: 1.8

db: JVNDB; id: JVNDB-2020-004899

Trust: 0.8

db: CNNVD; id: CNNVD-202004-1407

Trust: 0.7

db: AUSCERT; id: ESB-2020.1446

Trust: 0.6

db: AUSCERT; id: ESB-2020.4296

Trust: 0.6

db: AUSCERT; id: ESB-2020.2307

Trust: 0.6

db: AUSCERT; id: ESB-2021.2515

Trust: 0.6

db: AUSCERT; id: ESB-2020.2296

Trust: 0.6

db: CS-HELP; id: SB2021072292

Trust: 0.6

db: CS-HELP; id: SB2021041363

Trust: 0.6

db: CNNVD; id: CNNVD-202104-975

Trust: 0.6

db: VULHUB; id: VHN-185192

Trust: 0.1

db: VULMON; id: CVE-2020-7067

Trust: 0.1

db: PACKETSTORM; id: 168864

Trust: 0.1

db: PACKETSTORM; id: 168881

Trust: 0.1

sources: VULHUB: VHN-185192 // VULMON: CVE-2020-7067 // JVNDB: JVNDB-2020-004899 // PACKETSTORM: 168864 // PACKETSTORM: 168881 // CNNVD: CNNVD-202004-1407 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-7067

REFERENCES

url:https://www.tenable.com/security/tns-2021-14

Trust: 1.8

url:https://bugs.php.net/bug.php?id=79465

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20200504-0001/

Trust: 1.8

url:https://www.debian.org/security/2020/dsa-4717

Trust: 1.8

url:https://www.debian.org/security/2020/dsa-4719

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-7067

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7067

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1446/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-vulnerable-to-sensitive-information-leak-php-cve-2020-7067/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072292

Trust: 0.6

url:https://vigilance.fr/vulnerability/php-multiple-vulnerabilities-32047

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2307/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2515

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2296/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4296/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-7064

Trust: 0.2

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-7066

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-7062

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11048

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-7063

Trust: 0.2

url:https://www.debian.org/security/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/0xbigshaq/php7-internals

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2020-1367.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7065

Trust: 0.1

url:https://security-tracker.debian.org/tracker/php7.3

Trust: 0.1

url:https://security-tracker.debian.org/tracker/php7.0

Trust: 0.1

sources: VULHUB: VHN-185192 // VULMON: CVE-2020-7067 // JVNDB: JVNDB-2020-004899 // PACKETSTORM: 168864 // PACKETSTORM: 168881 // CNNVD: CNNVD-202004-1407 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-7067

CREDITS

Debian

Trust: 0.2

sources: PACKETSTORM: 168864 // PACKETSTORM: 168881

SOURCES

db: VULHUB; id: VHN-185192
db: VULMON; id: CVE-2020-7067
db: JVNDB; id: JVNDB-2020-004899
db: PACKETSTORM; id: 168864
db: PACKETSTORM; id: 168881
db: CNNVD; id: CNNVD-202004-1407
db: CNNVD; id: CNNVD-202104-975
db: NVD; id: CVE-2020-7067

LAST UPDATE DATE

2024-08-14T12:22:00.523000+00:00


SOURCES UPDATE DATE

db: VULHUB; id: VHN-185192; date: 2022-05-16T00:00:00
db: VULMON; id: CVE-2020-7067; date: 2022-05-16T00:00:00
db: JVNDB; id: JVNDB-2020-004899; date: 2020-06-01T00:00:00
db: CNNVD; id: CNNVD-202004-1407; date: 2022-05-17T00:00:00
db: CNNVD; id: CNNVD-202104-975; date: 2021-04-14T00:00:00
db: NVD; id: CVE-2020-7067; date: 2022-05-16T19:57:47.077

SOURCES RELEASE DATE

db: VULHUB; id: VHN-185192; date: 2020-04-27T00:00:00
db: VULMON; id: CVE-2020-7067; date: 2020-04-27T00:00:00
db: JVNDB; id: JVNDB-2020-004899; date: 2020-06-01T00:00:00
db: PACKETSTORM; id: 168864; date: 2020-07-28T19:12:00
db: PACKETSTORM; id: 168881; date: 2020-07-28T19:12:00
db: CNNVD; id: CNNVD-202004-1407; date: 2020-04-16T00:00:00
db: CNNVD; id: CNNVD-202104-975; date: 2021-04-13T00:00:00
db: NVD; id: CVE-2020-7067; date: 2020-04-27T21:15:14.593