CVE-2020-7061

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-7061

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7061.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-7061

Aliases

Related

MGASA-2020-0119

Published

2020-02-27T21:15:18.927Z

Modified

2026-03-10T23:21:22.783229Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type

GIT

Repo

https://github.com/php/php-src

Events

Introduced

8148cbb78841c8ec0759c0836e7f35dec799d300

Last affected

40c86aa3af2e25971e9c13460ca874348456410d

Introduced

52ace952a1b65ca80fc2617f11c2fa6dd03f51bd

Last affected

4b2854db6fd2fae5a950ae7ce25257ee08cee916

Introduced

3c7824e16ec4c3cee417262445d2c2b66531c10f

Last affected

264ef4f16300270dd4e92d2510660836a4814579

Database specific

{
    "versions": [
        {
            "introduced": "7.2.0"
        },
        {
            "last_affected": "7.2.27"
        },
        {
            "introduced": "7.3.0"
        },
        {
            "last_affected": "7.3.14"
        },
        {
            "introduced": "7.4.0"
        },
        {
            "last_affected": "7.4.2"
        }
    ]
}

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "5.19.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7061.json"