|
Vulnerabilities
< Back

CVE-2020-7059

Updated on 10 Feb 2020

Severity

9.1 Critical severity

Details

CVSS score
9.1
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

Details

Affected product:
Alpine Linux 3.22 , CentOS 6 ELS , CloudLinux 6 ELS , Debian 10 , Debian 10 ELS , Debian 11 , Debian 12 , Debian 13 , EL 10 , EL 6 , EL 7 , EL 8 , EL 9 , Oracle Linux 6 ELS , Ubuntu 16.04 , Ubuntu 18.04 , Ubuntu 20.04 , Ubuntu 22.04 , Ubuntu 24.04 , Windows 10
Affected packages:
php @ 7.4 (+169 more)
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

Fixes