CVE-2020-7066 — Improper Null Termination in PHP

CWE-170 — Improper Null Termination CWE-200 — Sensitive Information Exposure11 documents8 sources

Severity

4.3MEDIUMNVD

CNA5.3

EPSS

1.5%

top 18.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP Tenable Tenable.sc PHP Group PHP +2 more

Timeline

PublishedApr 1

Latest updateMay 24

Description

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDphp/php7.2.0 — 7.2.29+2

▶NVDtenable/tenable.sc< 5.19.0+1

▶CVEListV5php_group/php7.2.x below 7.2.29, 7.3.x below 7.3.16, 7.4.x below 7.4.4+2

▶NVDopensuse/leap15.1

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

Patch: bugs.php.net ↗Patch: www.tenable.com ↗Patch: bugs.php.net ↗

🔴Vulnerability Details

GHSA

GHSA-g2jm-56j8-g3cg: In PHP versions 7↗2022-05-24

▶

OSV

php7.4 vulnerabilities↗2020-05-06

▶

CVEList

get_headers() silently truncates after a null byte↗2020-04-01

▶

OSV

CVE-2020-7066: In PHP versions 7↗2020-04-01

▶

📋Vendor Advisories

Ubuntu

PHP vulnerabilities↗2020-05-06

▶

Ubuntu

PHP vulnerabilities↗2020-04-15

▶

Red Hat

php: Information disclosure in function get_headers↗2020-04-01

▶

Debian

CVE-2020-7066: php7.4 - In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, wh...↗2020

▶

💬Community

Bugzilla

CVE-2020-7066 php: Information disclosure in function get_headers↗2020-04-03

▶

Bugzilla

CVE-2020-7066 php: information disclosure in function get_headers [fedora-all]↗2020-04-03

▶