Details of VAR-202010-1571

ID

VAR-202010-1571

CVE

CVE-2020-7069

TITLE

PHP Vulnerability in cryptography

Trust: 0.8

sources: JVNDB: JVNDB-2020-012092

DESCRIPTION

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. PHP Contains a cryptographic vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in PHP versions 7.2.0, 7.3.0 and 7.4.0 due to the fact that the 'mbfl_filt_conv_big5_wchar' function does not check bounds properly. A remote attacker could exploit this vulnerability with specially crafted parameters to execute arbitrary code on the system or cause an application to crash. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update Advisory ID: RHSA-2021:2992-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2992 Issue date: 2021-08-03 CVE Names: CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21705 ==================================================================== 1. Summary: An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.29). (BZ#1977764) Security Fix(es): * php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069) * php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071) * php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705) * php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068) * php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server (CVE-2020-7070) * php: NULL pointer dereference in SoapClient (CVE-2021-21702) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1868109 - CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function 1885735 - CVE-2020-7069 php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV 1885738 - CVE-2020-7070 php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server 1913846 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo 1925272 - CVE-2021-21702 php: NULL pointer dereference in SoapClient 1977764 - PDO ODBC truncates BLOB records at every 256th byte [rhscl-3.7.z] 1978755 - CVE-2021-21705 php: SSRF bypass in FILTER_VALIDATE_URL 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php73-php-7.3.29-1.el7.src.rpm ppc64le: rh-php73-php-7.3.29-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm rh-php73-php-common-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm rh-php73-php-json-7.3.29-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm rh-php73-php-process-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.29-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm rh-php73-php-cli-7.3.29-1.el7.s390x.rpm rh-php73-php-common-7.3.29-1.el7.s390x.rpm rh-php73-php-dba-7.3.29-1.el7.s390x.rpm rh-php73-php-dbg-7.3.29-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm rh-php73-php-devel-7.3.29-1.el7.s390x.rpm rh-php73-php-embedded-7.3.29-1.el7.s390x.rpm rh-php73-php-enchant-7.3.29-1.el7.s390x.rpm rh-php73-php-fpm-7.3.29-1.el7.s390x.rpm rh-php73-php-gd-7.3.29-1.el7.s390x.rpm rh-php73-php-gmp-7.3.29-1.el7.s390x.rpm rh-php73-php-intl-7.3.29-1.el7.s390x.rpm rh-php73-php-json-7.3.29-1.el7.s390x.rpm rh-php73-php-ldap-7.3.29-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm rh-php73-php-odbc-7.3.29-1.el7.s390x.rpm rh-php73-php-opcache-7.3.29-1.el7.s390x.rpm rh-php73-php-pdo-7.3.29-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm rh-php73-php-process-7.3.29-1.el7.s390x.rpm rh-php73-php-pspell-7.3.29-1.el7.s390x.rpm rh-php73-php-recode-7.3.29-1.el7.s390x.rpm rh-php73-php-snmp-7.3.29-1.el7.s390x.rpm rh-php73-php-soap-7.3.29-1.el7.s390x.rpm rh-php73-php-xml-7.3.29-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm rh-php73-php-zip-7.3.29-1.el7.s390x.rpm x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-php73-php-7.3.29-1.el7.src.rpm ppc64le: rh-php73-php-7.3.29-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm rh-php73-php-common-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm rh-php73-php-json-7.3.29-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm rh-php73-php-process-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.29-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm rh-php73-php-cli-7.3.29-1.el7.s390x.rpm rh-php73-php-common-7.3.29-1.el7.s390x.rpm rh-php73-php-dba-7.3.29-1.el7.s390x.rpm rh-php73-php-dbg-7.3.29-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm rh-php73-php-devel-7.3.29-1.el7.s390x.rpm rh-php73-php-embedded-7.3.29-1.el7.s390x.rpm rh-php73-php-enchant-7.3.29-1.el7.s390x.rpm rh-php73-php-fpm-7.3.29-1.el7.s390x.rpm rh-php73-php-gd-7.3.29-1.el7.s390x.rpm rh-php73-php-gmp-7.3.29-1.el7.s390x.rpm rh-php73-php-intl-7.3.29-1.el7.s390x.rpm rh-php73-php-json-7.3.29-1.el7.s390x.rpm rh-php73-php-ldap-7.3.29-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm rh-php73-php-odbc-7.3.29-1.el7.s390x.rpm rh-php73-php-opcache-7.3.29-1.el7.s390x.rpm rh-php73-php-pdo-7.3.29-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm rh-php73-php-process-7.3.29-1.el7.s390x.rpm rh-php73-php-pspell-7.3.29-1.el7.s390x.rpm rh-php73-php-recode-7.3.29-1.el7.s390x.rpm rh-php73-php-snmp-7.3.29-1.el7.s390x.rpm rh-php73-php-soap-7.3.29-1.el7.s390x.rpm rh-php73-php-xml-7.3.29-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm rh-php73-php-zip-7.3.29-1.el7.s390x.rpm x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php73-php-7.3.29-1.el7.src.rpm x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-7068 https://access.redhat.com/security/cve/CVE-2020-7069 https://access.redhat.com/security/cve/CVE-2020-7070 https://access.redhat.com/security/cve/CVE-2020-7071 https://access.redhat.com/security/cve/CVE-2021-21702 https://access.redhat.com/security/cve/CVE-2021-21705 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYQkJj9zjgjWX9erEAQgi0w/9HBV5SuB3M7vK1ssSWffk2HuyWHLVm+wV Wy96rIvzD1KrNeLTn3HAByHCIgHew6KD1mnoEawc5DItVY6oRlfW8ldX2P8fsk0C 2xzmNy8jAzA0BjYZeYXfMQROpqiqCQVkPhAfeeWaVxn6jRH28oSwmF2U60HOoqLW tWsNmX+kyzWdUhvDSJ2Z/pmftpvWgR8m2hbQDiNF6j7VTUcBB5Ft1CZ5AH5TFkO2 T/35iXqS3imgf6MVfS4fIZHmK7j59B93xv4XCLbsoFJ+YLrzESu1xouZOsU0REdw AGHnGQX/37DcBm3qdMH3DE0aBltk2AgzKdhwxG+gAREVVA2seeJSS9u6N368FSIW 4Q1mLY0bQtdXc9XjmbTnA5sorQoeMdoM8P5DRxvGPG7armFisdhqqNuymcVTmwvz obgIIpuhM1ZOWrMZ5MyWTMKM1/5YdZk1F5wUgto1/DdTfeBOy/grNR1FKSiFcWYH x85ziJdRZK4nQmTeMIXLQvv9ZsDS4k1eRfil9Sq7WQdPjlm1mwYyhdAay/dNSdtd WCruH54kv/dZlv52jZqC1Fr7IzQY48Y2pvknRmCJgitHum6WaKkjaQC+iKR/N0wq ZzINH2j1osQ381u+uJc4wYPHIFw/oWOosDWiuUYX+4oO7+0lAuEYQltmN5qF3z25 OwqKXJAGJYo=waMi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202012-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: PHP: Multiple vulnerabilities Date: December 23, 2020 Bugs: #711140, #745993, #756775 ID: 202012-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Background ========== PHP is an open source general-purpose scripting language that is especially suited for web development. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/php < 8.0.0 >= 7.2.34-r1:7.2 >= 7.3.25:7.3 >= 7.4.13:7.4 Description =========== Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers and change log referenced below for details. Impact ====== An attacker could cause a Denial of Service condition or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP 7.2.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.34-r1:7.2" All PHP 7.3.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.25:7.3" All PHP 7.4.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.13:7.4" References ========== [ 1 ] CVE-2020-7069 https://nvd.nist.gov/vuln/detail/CVE-2020-7069 [ 2 ] CVE-2020-7070 https://nvd.nist.gov/vuln/detail/CVE-2020-7070 [ 3 ] PHP 7.4.13 Change Log https://www.php.net/ChangeLog-7.php#7.4.13 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202012-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-4583-2 October 27, 2020 php7.4 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 Summary: Several security issues were fixed in PHP. This update provides the corresponding update for Ubuntu 20.10. Original advisory details: It was discovered that PHP incorrectly handled certain encrypt ciphers. (CVE-2020-7069) It was discorevered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge cookie which is supposed to be secure. (CVE-2020-7070) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: libapache2-mod-php7.4 7.4.9-1ubuntu1.1 php7.4-cgi 7.4.9-1ubuntu1.1 php7.4-cli 7.4.9-1ubuntu1.1 php7.4-curl 7.4.9-1ubuntu1.1 php7.4-fpm 7.4.9-1ubuntu1.1 In general, a standard system update will make all the necessary changes. For the stable distribution (buster), these problems have been fixed in version 7.3.27-1~deb10u1. We recommend that you upgrade your php7.3 packages. For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmAtkVwACgkQEMKTtsN8 TjZ41g//e8PiVKbNVmYAbvssLu1ftKMLRmKkzQZZo4EK8GK50i25SKxlEVgGqFef PCbr7AaD3eGrTOTzIE5wqJclhhx664DAWeM68rEJKfn0w5EYznCi/h/vyBiEW4eH DAkBHcckCOMwsXgdvfQk/HAtqA1xoPmC8DZnbpgkd7feXT9/b/YYvv2dQxTMCaT3 AWaX4DBFOQVuk2yyLW9uCNC/cZBkeD3sTZFllV2SsXVr9NKMz3zxMsQAv1UlCTdl 8o8UM7d+zU3a5U5Ua1ENa2QR+RK0jhdRGgkJaXHZbdgZ+uV9rmt/PsV6NFzDseRv /lv44YF+Qs1a5u8SIUORB6BVMhCWECXgXBEQHXsoN+63xc8UcOIpI5tQHq+D4/MY YDyzC9W+fCred/NjVbaPUce6kxoz7k79/dfYbiE/sXj3pvoXqLRj9biRYUM2+/En vzstFBnZqwMv04zSzx+JALpFhkBv5ddg5R03B10o/FxndSJak1dGTUKOsa6M31qR 0pEeKmMizGq7Ws1QmqEvWfbR/uXEd43sEoaC0+OVB6XntUISRmUAj5hkFt/Yy3bd 622nZfXyhdepoPCXTEaDearJd2qdL8wcREG4f+42PMwhjTys/Iw0eVR5LGdKnlmX lbkT1Q1MX3XNbAQTIQpYX0TJJ9oCFU8Wq9HLlV2Eatqb2Hw7AEQ= =9Q7e -----END PGP SIGNATURE-----

Trust: 2.88

sources: NVD: CVE-2020-7069 // JVNDB: JVNDB-2020-012092 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-185194 // VULMON: CVE-2020-7069 // PACKETSTORM: 164839 // PACKETSTORM: 163727 // PACKETSTORM: 159564 // PACKETSTORM: 160708 // PACKETSTORM: 159722 // PACKETSTORM: 168990

AFFECTED PRODUCTS

vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	tenable	model:	tenable.sc	scope:	lt	version:	5.19.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	7.3.0	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.5.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	7.3.23	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	7.4.11	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	7.2.34	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	20.04	Trust: 1.0
vendor:	the php group	model:	php	scope:	-	version:	-	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	clustered data ontap	scope:	-	version:	-	Trust: 0.8
vendor:	opensuse	model:	leap	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012092 // NVD: CVE-2020-7069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7069
value:	MEDIUM
Trust: 1.0
security@php.net:	CVE-2020-7069
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-7069
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202005-435
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-185194
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-7069
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-7069
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-185194
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-7069
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 1.0
security@php.net:	CVE-2020-7069
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2020-7069
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-185194 // VULMON: CVE-2020-7069 // JVNDB: JVNDB-2020-012092 // CNNVD: CNNVD-202005-435 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-7069 // NVD: CVE-2020-7069

PROBLEMTYPE DATA

problemtype:	CWE-326	Trust: 1.1
problemtype:	CWE-20	Trust: 1.0
problemtype:	Inadequate encryption strength (CWE-326) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-185194 // JVNDB: JVNDB-2020-012092 // NVD: CVE-2020-7069

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-435

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202005-435

PATCH

title:	openSUSE Leap 15.2 The PHP GroupPHP Bugs	url:	https://usn.ubuntu.com/4583-1/	Trust: 0.8
title:	PHP Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=118684	Trust: 0.6
title:	Amazon Linux AMI: ALAS-2020-1440	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1440	Trust: 0.1
title:	Debian Security Advisories: DSA-4856-1 php7.3 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=02a4cb271948bb2c8ad70e07948c2253	Trust: 0.1
title:	Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-14	Trust: 0.1
title:	OpenSSL-CVE-lib	url:	https://github.com/chnzzh/OpenSSL-CVE-lib	Trust: 0.1

sources: VULMON: CVE-2020-7069 // JVNDB: JVNDB-2020-012092 // CNNVD: CNNVD-202005-435

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7069	Trust: 3.2
db:	TENABLE	id:	TNS-2021-14	Trust: 1.8
db:	PACKETSTORM	id:	159722	Trust: 0.8
db:	PACKETSTORM	id:	160708	Trust: 0.8
db:	PACKETSTORM	id:	164839	Trust: 0.8
db:	PACKETSTORM	id:	159564	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-012092	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-435	Trust: 0.7
db:	PACKETSTORM	id:	163727	Trust: 0.7
db:	CS-HELP	id:	SB2021080321	Trust: 0.6
db:	CS-HELP	id:	SB2021072292	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3787	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2608	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0606	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.6055	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3671	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3541	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2515	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3581	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CNVD	id:	CNVD-2020-33149	Trust: 0.1
db:	VULHUB	id:	VHN-185194	Trust: 0.1
db:	VULMON	id:	CVE-2020-7069	Trust: 0.1
db:	PACKETSTORM	id:	168990	Trust: 0.1

sources: VULHUB: VHN-185194 // VULMON: CVE-2020-7069 // JVNDB: JVNDB-2020-012092 // PACKETSTORM: 164839 // PACKETSTORM: 163727 // PACKETSTORM: 159564 // PACKETSTORM: 160708 // PACKETSTORM: 159722 // PACKETSTORM: 168990 // CNNVD: CNNVD-202005-435 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-7069

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-7069	Trust: 2.0
url:	https://security.gentoo.org/glsa/202012-16	Trust: 1.9
url:	https://security.netapp.com/advisory/ntap-20201016-0001/	Trust: 1.8
url:	https://www.tenable.com/security/tns-2021-14	Trust: 1.8
url:	https://www.debian.org/security/2021/dsa-4856	Trust: 1.8
url:	https://bugs.php.net/bug.php?id=79601	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html	Trust: 1.8
url:	https://usn.ubuntu.com/4583-1/	Trust: 1.8
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rru57n3osyzpomfwprdnvh7emyotsz66/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7evdn7d3ib4eai4d3zom2ojkq5sd7k4e/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/p2j3zzdhcsx65t5qwv4ahbn7mojxbekg/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rru57n3osyzpomfwprdnvh7emyotsz66/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7evdn7d3ib4eai4d3zom2ojkq5sd7k4e/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/p2j3zzdhcsx65t5qwv4ahbn7mojxbekg/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7070	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0606	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2608	Trust: 0.6
url:	https://vigilance.fr/vulnerability/php-information-disclosure-via-aes-ccm-encryption-33466	Trust: 0.6
url:	https://packetstormsecurity.com/files/164839/red-hat-security-advisory-2021-4213-03.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072292	Trust: 0.6
url:	https://packetstormsecurity.com/files/159564/ubuntu-security-notice-usn-4583-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2515	Trust: 0.6
url:	https://packetstormsecurity.com/files/163727/red-hat-security-advisory-2021-2992-01.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/php-buffer-overflow-via-mbfl-filt-conv-big5-wchar-32228	Trust: 0.6
url:	https://packetstormsecurity.com/files/160708/gentoo-linux-security-advisory-202012-16.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159722/ubuntu-security-notice-usn-4583-2.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3787	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.6055	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3671/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021080321	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3581/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3541/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7068	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21702	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7071	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-7070	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-7069	Trust: 0.2
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-21702	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-7071	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-7068	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://usn.ubuntu.com/4583-1	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/326.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://alas.aws.amazon.com/alas-2020-1440.html	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4213	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21705	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2992	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21705	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.7	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.16	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.4	Trust: 0.1
url:	https://www.php.net/changelog-7.php#7.4.13	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php7.4/7.4.9-1ubuntu1.1	Trust: 0.1
url:	https://usn.ubuntu.com/4583-2	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/php7.3	Trust: 0.1

CREDITS

Gentoo

Trust: 0.7

sources: PACKETSTORM: 160708 // CNNVD: CNNVD-202005-435

SOURCES

db:	VULHUB	id:	VHN-185194
db:	VULMON	id:	CVE-2020-7069
db:	JVNDB	id:	JVNDB-2020-012092
db:	PACKETSTORM	id:	164839
db:	PACKETSTORM	id:	163727
db:	PACKETSTORM	id:	159564
db:	PACKETSTORM	id:	160708
db:	PACKETSTORM	id:	159722
db:	PACKETSTORM	id:	168990
db:	CNNVD	id:	CNNVD-202005-435
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2020-7069

LAST UPDATE DATE

2024-08-14T13:10:25.942000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-185194	date:	2021-12-02T00:00:00
db:	VULMON	id:	CVE-2020-7069	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-012092	date:	2021-04-23T08:59:00
db:	CNNVD	id:	CNNVD-202005-435	date:	2022-11-22T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2020-7069	date:	2023-11-07T03:25:41.900

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-185194	date:	2020-10-02T00:00:00
db:	VULMON	id:	CVE-2020-7069	date:	2020-10-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-012092	date:	2021-04-23T00:00:00
db:	PACKETSTORM	id:	164839	date:	2021-11-10T17:05:06
db:	PACKETSTORM	id:	163727	date:	2021-08-03T14:47:43
db:	PACKETSTORM	id:	159564	date:	2020-10-14T20:14:14
db:	PACKETSTORM	id:	160708	date:	2020-12-24T17:17:47
db:	PACKETSTORM	id:	159722	date:	2020-10-27T14:12:34
db:	PACKETSTORM	id:	168990	date:	2021-02-28T20:12:00
db:	CNNVD	id:	CNNVD-202005-435	date:	2020-05-11T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2020-7069	date:	2020-10-02T15:15:12.670