|
Vulnerabilities
< Back

CVE-2020-7068

Updated on 09 Sep 2020

Severity

3.6 Low severity

Details

CVSS score
3.6
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

Details

Affected product:
Alpine Linux 3.22 , CentOS 6 ELS , CentOS 8.4 ELS , CentOS 8.5 ELS , CloudLinux 6 ELS , Debian 10 , Debian 10 ELS , Debian 11 , Debian 12 , Debian 13 , EL 10 , EL 6 , EL 7 , EL 8 , EL 9 , Oracle Linux 6 ELS , Ubuntu 16.04 , Ubuntu 16.04 ELS , Ubuntu 18.04 , Ubuntu 20.04 , Ubuntu 22.04 , Ubuntu 24.04 , Windows 10
Affected packages:
php @ 5.6 (+172 more)
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

Fixes