BIT-php-2020-7067

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/php/BIT-php-2020-7067.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-php-2020-7067

Aliases

CVE-2020-7067

Published

2024-03-06T11:06:30.498Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

References

https://bugs.php.net/bug.php?id=79465
https://security.netapp.com/advisory/ntap-20200504-0001/
https://www.debian.org/security/2020/dsa-4717
https://www.debian.org/security/2020/dsa-4719
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.tenable.com/security/tns-2021-14

Affected packages

Bitnami / php

Package

Name: php
Purl: pkg:bitnami/php

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.2.0

Fixed

7.2.30

Introduced

7.3.0

Fixed

7.3.17

Introduced

7.4.0

Fixed

7.4.5