CVE-2020-11656
https://notcve.org/view.php?id=CVE-2020-11656
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. En SQLite versiones hasta 3.31.1, la implementación de ALTER TABLE presenta un uso de la memoria previamente liberada, como es demostrado por una cláusula ORDER BY que pertenece a una sentencia SELECT compuesta. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200416-0001 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.sqlite.org/src/info/d09f8c3621d5 • CWE-416: Use After Free •
CVE-2020-7066 – get_headers() silently truncates after a null byte
https://notcve.org/view.php?id=CVE-2020-7066
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. En las versiones de PHP 7.2.x anterior a la versión 7.2.29, 7.3.x anterior a 7.3.16 y 7.4.x anterior a 7.4.4, mientras usa get_headers () con la URL suministrada por el usuario, si la URL contiene un carácter cero (\ 0), el La URL se truncará silenciosamente en ella. Esto puede hacer que algunos programas hagan suposiciones incorrectas sobre el objetivo de get_headers () y posiblemente envíen información a un servidor incorrecto. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html https://bugs.php.net/bug.php?id=79329 https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html https://security.netapp.com/advisory/ntap-20200403-0001 https://usn.ubuntu.com/4330-2 https://www.debian.org/security/2020/dsa-4717 https://www.debian.org/security/2020/dsa-4719 https://www.tenable.com/security/tns-2021-14 https://access.redhat.com/security/cve/CVE-2020-7066 https://bu • CWE-170: Improper Null Termination CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-7065 – mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full
https://notcve.org/view.php?id=CVE-2020-7065
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. En PHP versiones 7.3.x por debajo de 7.3.16 y versiones 7.4.x por debajo de 7.4.4, mientras se usa la función mb_strtolower() con codificación UTF-32LE, determinadas cadenas no comprobadas pueden causar que PHP sobrescriba el búfer asignado de la pila. Esto podría conllevar a una corrupción de la memoria, bloqueos y potencialmente a una ejecución de código. A vulnerability was found in PHP while using the mb_strtolower() function with UTF-32LE encoding, where certain invalid strings cause PHP to overwrite the stack-allocated buffer. • https://bugs.php.net/bug.php?id=79371 https://security.netapp.com/advisory/ntap-20200403-0001 https://usn.ubuntu.com/4330-1 https://usn.ubuntu.com/4330-2 https://www.debian.org/security/2020/dsa-4719 https://www.oracle.com/security-alerts/cpuoct2021.html https://www.php.net/ChangeLog-7.php#7.4.4 https://www.tenable.com/security/tns-2021-14 https://access.redhat.com/security/cve/CVE-2020-7065 https://bugzilla.redhat.com/show_bug.cgi?id=1820627 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2020-7064 – Use-of-uninitialized-value in exif
https://notcve.org/view.php?id=CVE-2020-7064
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. En PHP versiones 7.2.x por debajo de 7.2.9, versiones 7.3.x por debajo de 7.3.16 y versiones 7.4.x por debajo de 7.4.4, al analizar datos EXIF ??con la función exif_read_data(), es posible que unos datos maliciosos causen que PHP lea un byte de memoria no inicializada. Esto podría potencialmente conllevar a una divulgación de información o a un bloqueo • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html https://bugs.php.net/bug.php?id=79282 https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html https://security.netapp.com/advisory/ntap-20200403-0001 https://usn.ubuntu.com/4330-1 https://usn.ubuntu.com/4330-2 https://www.debian.org/security/2020/dsa-4717 https://www.debian.org/security/2020/dsa-4719 https://www.oracle.com/security-alerts/cpujan2021.html https://www.tenable.com/ • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-7063 – Files added to tar with Phar::buildFromIterator have all-access permissions
https://notcve.org/view.php?id=CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. En PHP versiones 7.2.x por debajo de 7.2.28, versiones 7.3.x por debajo de 7.3.15 y versiones 7.4.x por debajo de 7.4.3, cuando es creado un archivo PHAR usando la función PharData::buildFromIterator(), los archivos son agregados con permisos predeterminados (0666, o acceso total) incluso si los archivos originales en el sistema de archivos estaban con permisos más restrictivos. Esto puede causar que los archivos tengan más permisos laxos de lo previsto cuando dicho archivo es extraído. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html https://bugs.php.net/bug.php?id=79082 https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html https://security.gentoo.org/glsa/202003-57 https://usn.ubuntu.com/4330-1 https://www.debian.org/security/2020/dsa-4717 https://www.debian.org/security/2020/dsa-4719 https://www.tenable.com/security/tns-2021-14 https://access.redhat.com/security/cve/CVE-2020-7063 https://bugzilla.redhat • CWE-281: Improper Preservation of Permissions CWE-284: Improper Access Control •