CVE-2020-7068
Published 2020-09-09
Priority P415 · low · 3.6 · CVSS 3.1
AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
EPSS: 1.66% (73.7th percentile)
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | php7.4 | < php7.4 7.4.9-1 (bullseye) | php7.4 7.4.9-1 (bullseye) |
| php | php | >= 7.2.0 < 7.2.33 | 7.2.33 |
| php | php | >= 7.3.0 < 7.3.21 | 7.3.21 |
| php | php | >= 7.4.0 < 7.4.9 | 7.4.9 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.29+esm14 | 5.5.9+dfsg-1ubuntu4.29+esm14 |
| php_group | php | >= 7.2.x < 7.2.33 | 7.2.33 |
| php_group | php | >= 7.3.x < 7.3.21 | 7.3.21 |
| php_group | php | >= 7.4.x < 7.4.9 | 7.4.9 |
| tenable | tenable.sc | < 5.19.0 | 5.19.0 |
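CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 3.6 | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L |
| nvd | v2.0 | 3.3 | LOW | AV:L/AC:M/Au:N/C:P/I:N/A:P |
| osv | | 3.6 | LOW | |
| vendor_debian | | 4.8 | MEDIUM | |
| vendor_redhat | | 4.8 | MEDIUM | |
| vendor_ubuntu | | 4.8 | MEDIUM | |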
CISA ICS
Festo Didactic SE MES PC
cisa_ics·2026-01-27·CVSS 7.5
[HIGH] Festo Didactic SE MES PC
ICS Advisory
## Festo Didactic SE MES PC
Release Date: January 27, 2026
Alert Code: ICSA-26-027-02
## Summary
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications. MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
The
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2021-07-13·CVSS 4.8
CVE-2021-21702 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
USN-5006-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that PHP incorrectly handled certain PHAR files. A remote
attacker could possibly use this issue to cause PHP to crash, resulting in
a denial of service, or possibly obtain sensitive information. (CVE-2020-7068)
It was discovered that PHP incorrectly handled parsing URLs with passwords.
A remote attacker could possibly use this issue to cause PHP to mis-parse
the URL and produce wrong data. (CVE-2020-7071)
It was discovered that PHP incorrectly handled certain malformed XML data
when being parsed by the SOAP extension. A remot
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2021-07-07·CVSS 4.8
CVE-2020-7071 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that PHP incorrectly handled certain PHAR files. A remote
attacker could possibly use this issue to cause PHP to crash, resulting in
a denial of service, or possibly obtain sensitive information. This issue
only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7068)
It was discovered that PHP incorrectly handled parsing URLs with passwords.
A remote attacker could possibly use this issue to cause PHP to mis-parse
the URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-7071)
It was discovered that PHP incorrectly handled certain malformed XML data
when being parsed by the SOAP extension. A remote attacker could possibl
Red Hat
php: Use of freed hash key in the phar_parse_zipfile function
vendor_redhat·2020-08-06·CVSS 4.8
CVE-2020-7068 [MEDIUM] CWE-416 php: Use of freed hash key in the phar_parse_zipfile function
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
Package: php (Red Hat Enterprise Linux 5) - Out of support scope
Package: php53 (Red Hat Enterprise Linux 5) - Out of support scope
Package: php (Red Hat Enterprise Linux 6) - Out of support scope
Package: php (Red Hat Enterprise Linux 7) - Fix deferred
Package: php:7.2/php (Red Hat Enterprise Linux 8) - Fix deferred
Package: php:7.3/php (Red Hat Enterprise Linux 8) - Fix deferred
Package: rh-php72-php (Red Hat Software Collections) - Out of support scope
Debian
CVE-2020-7068: php7.4 - In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, wh...
vendor_debian·2020·CVSS 4.8
CVE-2020-7068 [MEDIUM] CVE-2020-7068: php7.4 - In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, wh...
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
Scope: local
bullseye: resolved (fixed in 7.4.9-1)
GHSA
GHSA-vc9g-5348-gqwv: In PHP versions 7
ghsa_unreviewed·2022-05-24
CVE-2020-7068 [MEDIUM] CWE-416 GHSA-vc9g-5348-gqwv: In PHP versions 7
In PHP versions 7.2.x below 7.3.21, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
OSV
php5, php7.0 vulnerabilities
osv·2021-07-13·CVSS 3.6
CVE-2020-7068 [LOW] php5, php7.0 vulnerabilities
USN-5006-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that PHP incorrectly handled certain PHAR files. A remote
attacker could possibly use this issue to cause PHP to crash, resulting in
a denial of service, or possibly obtain sensitive information. (CVE-2020-7068)
It was discovered that PHP incorrectly handled parsing URLs with passwords.
A remote attacker could possibly use this issue to cause PHP to mis-parse
the URL and produce wrong data. (CVE-2020-7071)
It was discovered that PHP incorrectly handled certain malformed XML data
when being parsed by the SOAP extension. A remote attacker could possibly
use this issue to cause P
OSV
php7.2, php7.4 vulnerabilities
osv·2021-07-07·CVSS 3.6
CVE-2020-7068 [LOW] php7.2, php7.4 vulnerabilities
It was discovered that PHP incorrectly handled certain PHAR files. A remote
attacker could possibly use this issue to cause PHP to crash, resulting in
a denial of service, or possibly obtain sensitive information. This issue
only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7068)
It was discovered that PHP incorrectly handled parsing URLs with passwords.
A remote attacker could possibly use this issue to cause PHP to mis-parse
the URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-7071)
It was discovered that PHP incorrectly handled certain malformed XML data
when being parsed by the SOAP extension. A remote attacker could possibly
use this issue to cause PHP to crash, resulting
OSV
CVE-2020-7068: In PHP versions 7
osv·2020-09-09·CVSS 3.6
CVE-2020-7068 [LOW] CVE-2020-7068: In PHP versions 7
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
No detection rules found.
No public exploits indexed.
HackerOne
Use after free vulnerability in phar_parse_zipfile
hackerone·2020-11-09·CVSS 4.8
CVE-2020-7068 [MEDIUM] Use after free vulnerability in phar_parse_zipfile
A malformed phar file with cache configuration leads to freed memory being used as a hash key when it is inserted into the hash table.
More detailed information and the original report are here: https://bugs.php.net/bug.php?id=79797 and it was assigned CVE-2020-7068.
## Impact
Through this vulnerability that inserts freed memory into the hash table that manages alias file names, an attacker may gain memory information.
Bugzilla
CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function
bugzilla·2020-08-11·CVSS 4.8
CVE-2020-7068 [MEDIUM] CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function
The phar_parse_zipfile function had a use-after-free vulnerability because of mishandling of the actual_alias variable.
----- ext/phar/zip.c -----
```c
int phar_parse_zipfile(php_stream *fp, char *fname, size_t fname_len, char *alias, size_t alias_len, phar_archive_data** pphar, char **error) /* {{{ */
{
...
	mydata->alias = entry.is_persistent ? pestrndup(actual_alias, mydata->alias_len, 1) : actual_alias;
	if (entry.is_persistent) {
		efree(actual_alias);
	}
	zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), actual_alias, mydata->alias_len, mydata);
...
```
The `actual_alias` variable is allocated by the estrndup function; its string is part of the data of the zip file.
The above code snippet `mydata->alias` is assigned by `pestrndup
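The ordering problem in the excerpt above, as an added C model that is not PHP source and not part of the bug report: it keys a map on a buffer after that buffer has been released, next to the same steps keyed on the copy the archive owns. The names `alias_map`, `map_add`, `map_find`, `model_efree`, `register_alias` and the alias `demo.phar` are hypothetical, and the "free" only poisons the bytes so the stale read stays well-defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-ins (assumptions, not PHP's API): a one-slot alias map that copies
 * the key bytes at insertion, and a "free" that poisons the buffer instead of
 * releasing it, so the stale read is observable without undefined behaviour. */
struct alias_map { char key[32]; size_t len; void *val; };
struct archive { char *alias; size_t alias_len; };

static void map_add(struct alias_map *m, const char *key, size_t len, void *val) {
    memcpy(m->key, key, len);  /* key bytes are read here, at insertion time */
    m->len = len; m->val = val;
}
static void *map_find(const struct alias_map *m, const char *key, size_t len) {
    return (m->len == len && memcmp(m->key, key, len) == 0) ? m->val : NULL;
}
static void model_efree(char *p, size_t len) { memset(p, 0xDD, len); }

/* Persistent path from the excerpt: copy the alias, release the request-scoped
 * buffer, then insert. key_from_copy = 0 keys the map on the released buffer
 * (the reported order); 1 keys it on the copy the archive owns. */
static int register_alias(struct alias_map *m, struct archive *a,
                          char *actual_alias, size_t len, int key_from_copy) {
    a->alias = malloc(len + 1);
    if (a->alias == NULL || len >= sizeof m->key) return -1;
    memcpy(a->alias, actual_alias, len);
    a->alias[len] = '\0';
    a->alias_len = len;
    model_efree(actual_alias, len);
    map_add(m, key_from_copy ? a->alias : actual_alias, len, a);
    return 0;
}

/* Returns 1 if the alias can still be looked up after registration. */
int alias_resolves(int key_from_copy) {
    struct alias_map m = { {0}, 0, NULL };
    struct archive a = { NULL, 0 };
    char actual_alias[] = "demo.phar";  /* constructed sample alias */
    size_t len = strlen(actual_alias);
    int ok = register_alias(&m, &a, actual_alias, len, key_from_copy) == 0
             && map_find(&m, "demo.phar", len) == &a;
    free(a.alias);
    return ok;
}

int main(void) {
    printf("key = released buffer: %d\nkey = owned copy: %d\n",
           alias_resolves(0), alias_resolves(1));
    return 0;
}
```

In a real allocator the released buffer may be reused by another allocation before the insertion, which is why the advisory lists both a crash and information disclosure as outcomes.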
Bugzilla
CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function [fedora-all]
bugzilla·2020-08-11·CVSS 4.8
CVE-2020-7068 [MEDIUM] CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple support
https://bugs.php.net/bug.php?id=79797
https://security.gentoo.org/glsa/202009-10
https://security.netapp.com/advisory/ntap-20200918-0005/
https://www.debian.org/security/2021/dsa-4856
https://www.tenable.com/security/tns-2021-14