CVE-2020-7060 — Out-of-bounds Read in Group PHP

CWE-125 — Out-of-bounds Read CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents9 sources

Severity

9.1CRITICALNVD

CNA6.5

EPSS

6.4%

top 8.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP Group PHP PHP Tenable Tenable.sc +3 more

Timeline

PublishedFeb 10

Latest updateMay 24

Description

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages5 packages

▶NVDphp/php7.2.0 — 7.2.27+2

▶CVEListV5php_group/php7.2.x — 7.2.27+2

▶NVDtenable/tenable.sc< 5.19.0

▶NVDoracle/communications_diameter_signaling_router8.0 — 8.4

▶NVDopensuse/leap15.1

Also affects: Debian Linux 8.0

Patches

Patch: bugs.php.net ↗Patch: usn.ubuntu.com ↗Patch: www.tenable.com ↗

🔴Vulnerability Details

GHSA

GHSA-ch28-9wjf-88gw: When using certain mbstring functions to convert multibyte encodings, in PHP versions 7↗2022-05-24

▶

OSV

php5, php7.0, php7.2, php7.3 vulnerabilities↗2020-02-17

▶

OSV

CVE-2020-7060: When using certain mbstring functions to convert multibyte encodings, in PHP versions 7↗2020-02-10

▶

CVEList

global buffer-overflow in mbfl_filt_conv_big5_wchar↗2020-02-10

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Applications Risk Matrix: Platform (PHP) — CVE-2020-7060↗2020-07-15

▶

Ubuntu

PHP vulnerabilities↗2020-02-17

▶

Red Hat

php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function↗2020-01-23

▶

Debian

CVE-2020-7060: php7.4 - When using certain mbstring functions to convert multibyte encodings, in PHP ver...↗2020

▶

💬Community

Bugzilla

CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function↗2020-02-03

▶

Bugzilla

CVE-2020-7060 php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function [fedora-all]↗2020-02-03

▶