CVE-2020-7068 — Use After Free in Group PHP

CWE-416 — Use After Free13 documents9 sources

Severity

3.6LOWNVD

CNA4.8

EPSS

0.8%

top 25.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP Group PHP PHP Tenable Tenable.sc +2 more

Timeline

PublishedSep 9

Latest updateMay 24

Description

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:LExploitability: 1.0 | Impact: 2.5

Affected Packages4 packages

▶NVDphp/php7.2.0 — 7.2.33+2

▶CVEListV5php_group/php7.3.x — 7.3.21+2

▶NVDtenable/tenable.sc< 5.19.0

▶Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.29+esm14

Also affects: Debian Linux 10.0

Patches

Patch: bugs.php.net ↗Patch: www.tenable.com ↗Patch: bugs.php.net ↗

🔴Vulnerability Details

GHSA

GHSA-vc9g-5348-gqwv: In PHP versions 7↗2022-05-24

▶

OSV

php5, php7.0 vulnerabilities↗2021-07-13

▶

OSV

php7.2, php7.4 vulnerabilities↗2021-07-07

▶

CVEList

Use of freed hash key in the phar_parse_zipfile function↗2020-09-09

▶

OSV

CVE-2020-7068: In PHP versions 7↗2020-09-09

▶

📋Vendor Advisories

Ubuntu

PHP vulnerabilities↗2021-07-13

▶

Ubuntu

PHP vulnerabilities↗2021-07-07

▶

Red Hat

php: Use of freed hash key in the phar_parse_zipfile function↗2020-08-06

▶

Debian

CVE-2020-7068: php7.4 - In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, wh...↗2020

▶

💬Community

HackerOne

Use after free vulnerability in phar_parse_zipfile↗2020-11-09

▶

Bugzilla

CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function↗2020-08-11

▶

Bugzilla

CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function [fedora-all]↗2020-08-11

▶