CVE-2020-7061
heap-buffer-overflow in phar_extract_file
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
En PHP versiones 7.3.x por debajo de 7.3.15 y versiones 7.4.x por debajo de 7.4.3, mientras son extraídos los archivos PHAR en Windows usando la extensión phar, determinado contenido dentro del archivo PHAR podría conllevar a una lectura de un byte más allá del búfer asignado. Esto potencialmente podría conllevar a una divulgación de información o bloqueo de aplicación.
*Credits:
Reported by cmb@php.net
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-15 CVE Reserved
- 2020-02-27 CVE Published
- 2023-07-02 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.php.net/bug.php?id=79171 | 2024-09-17 |
| URL | Date | SRC |
|---|---|---|
| https://www.tenable.com/security/tns-2021-14 | 2022-05-16 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202003-57 | 2022-05-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.2.0 <= 7.2.27 Search vendor "Php" for product "Php" and version " >= 7.2.0 <= 7.2.27" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.3.0 <= 7.3.14 Search vendor "Php" for product "Php" and version " >= 7.3.0 <= 7.3.14" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.4.0 <= 7.4.2 Search vendor "Php" for product "Php" and version " >= 7.4.0 <= 7.4.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Tenable Search vendor "Tenable" | Tenable.sc Search vendor "Tenable" for product "Tenable.sc" | < 5.19.0 Search vendor "Tenable" for product "Tenable.sc" and version " < 5.19.0" | - |
Affected
| ||||||