CVE-2020-7060

global buffer-overflow in mbfl_filt_conv_big5_wchar

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

Cuando se usan determinadas funciones de mbstring para convertir codificaciones multibyte, en PHP versiones 7.2.x por debajo de 7.2.27, versiones 7.3.x por debajo de 7.3.14 y versiones 7.4.x por debajo de 7.4.2, es posible suministrar datos que causarán que la función mbfl_filt_conv_big5_wchar lea más allá del buffer asignado. Esto puede conllevar a una divulgación de información o bloqueo.

USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem. It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. Various other issues were also addressed.

*Credits: Reported by reza at iseclab dot org

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-01-15 CVE Reserved
2020-02-10 CVE Published
2024-09-17 CVE Updated
2024-09-17 First Exploit
2025-04-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-125: Out-of-bounds Read

CAPEC

References (16)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html	Mailing List
https://seclists.org/bugtraq/2020/Feb/27	Mailing List
https://seclists.org/bugtraq/2020/Feb/31	Mailing List
https://seclists.org/bugtraq/2021/Jan/3	Mailing List
https://security.netapp.com/advisory/ntap-20200221-0002	Mailing List
https://www.oracle.com/security-alerts/cpuApr2021.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory

URL	Date	SRC
https://bugs.php.net/bug.php?id=79037	2024-09-17

URL	Date	SRC
https://usn.ubuntu.com/4279-1	2022-07-01
https://www.tenable.com/security/tns-2021-14	2022-07-01

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html	2022-07-01
https://security.gentoo.org/glsa/202003-57	2022-07-01
https://www.debian.org/security/2020/dsa-4626	2022-07-01
https://www.debian.org/security/2020/dsa-4628	2022-07-01
https://access.redhat.com/security/cve/CVE-2020-7060	2020-12-01
https://bugzilla.redhat.com/show_bug.cgi?id=1797779	2020-12-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 7.2.0 < 7.2.27 Search vendor "Php" for product "Php" and version " >= 7.2.0 < 7.2.27"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 7.3.0 < 7.3.14 Search vendor "Php" for product "Php" and version " >= 7.3.0 < 7.3.14"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 7.4.0 < 7.4.2 Search vendor "Php" for product "Php" and version " >= 7.4.0 < 7.4.2"		-		Affected
Tenable Search vendor "Tenable"		Tenable.sc Search vendor "Tenable" for product "Tenable.sc"				< 5.19.0 Search vendor "Tenable" for product "Tenable.sc" and version " < 5.19.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Diameter Signaling Router Search vendor "Oracle" for product "Communications Diameter Signaling Router"				>= 8.0 <= 8.4 Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version " >= 8.0 <= 8.4"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected