CVE-2020-7067 — Out-of-bounds Read in PHP

CWE-125 — Out-of-bounds Read CWE-196 — Unsigned to Signed Conversion Error8 documents8 sources

Severity

7.5HIGHNVD

EPSS

10.0%

top 6.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP Tenable Tenable.sc Oracle Communications Diameter Signaling Router +2 more

Timeline

PublishedApr 27

Latest updateMay 24

Description

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDphp/php7.2.0 — 7.2.30+2

▶NVDtenable/tenable.sc< 5.19.0

▶NVDoracle/communications_diameter_signaling_router8.0.0.0 — 8.4.0.5

▶CVEListV5php_group/php7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5+1

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: www.tenable.com ↗Patch: www.tenable.com ↗

🔴Vulnerability Details

GHSA

GHSA-8hqm-3r2c-qg9c: In PHP versions 7↗2022-05-24

▶

CVEList

OOB Read in urldecode()↗2020-04-27

▶

OSV

CVE-2020-7067: In PHP versions 7↗2020-04-27

▶

📋Vendor Advisories

Red Hat

php: out-of-bounds read when using a malformed url-encoded string↗2020-04-10

▶

Debian

CVE-2020-7067: php7.4 - In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if...↗2020

▶

💬Community

HackerOne

Out-of-Bound Read in urldecode() [CVE-2020-7067]↗2020-10-12

▶

Bugzilla

CVE-2020-7067 php: out-of-bounds read when using a malformed url-encoded string↗2020-04-24

▶