CVE-2020-7068

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-7068
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7068.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-7068
Aliases
Related
Published
2020-09-09T18:15:23Z
Modified
2025-01-15T08:56:38.759190Z
Downstream
Severity
  • 3.6 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
Summary
[none]
Details

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, pharparsezipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

References

Affected packages

Debian:11 / php7.4

Package

Name
php7.4
Purl
pkg:deb/debian/php7.4?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.4.9-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
8148cbb78841c8ec0759c0836e7f35dec799d300
Fixed
1ff373e57010ece24f162ea6b88dfe1d13593502