In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
References
Link | Resource |
---|---|
https://bugs.php.net/bug.php?id=79465 | Exploit Vendor Advisory |
https://security.netapp.com/advisory/ntap-20200504-0001/ | Third Party Advisory |
https://www.debian.org/security/2020/dsa-4717 | Third Party Advisory |
https://www.debian.org/security/2020/dsa-4719 | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuApr2021.html | Not Applicable Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2020.html | Third Party Advisory |
https://www.tenable.com/security/tns-2021-14 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
16 May 2022, 19:57
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4717 - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4719 - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Not Applicable, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-04-27 21:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-7067
Mitre link : CVE-2020-7067
CVE.ORG link : CVE-2020-7067
JSON object : View
Products Affected
tenable
- tenable.sc
oracle
- communications_diameter_signaling_router
php
- php
debian
- debian_linux