CVE-2020-7069

Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

En PHP versiones 7.2.x por debajo de 7.2.34, versiones 7.3.x por debajo de 7.3.23 y versiones 7.4.x por debajo de 7.4.11, cuando el modo AES-CCM es usado con la función openssl_encrypt() con 12 bytes IV, solo los primeros 7 bytes del IV está actualmente usado. Esto puede conllevar a una disminución de seguridad y datos de cifrado incorrectos

An update that fixes 18 vulnerabilities, contains one feature is now available. This update for php7 fixes the following issues. Fixed out-of-bounds read due to insufficient input validation in imageloadfont. Fixed buffer overflow in hash_update on long parameter. Fixed an uncontrolled recursion in the phar uncompressor while decompressing "quines" gzip files. Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser.

*Credits: Reported by bizxing at web dot de

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-01-15 CVE Reserved
2020-10-02 CVE Published
2024-09-17 CVE Updated
2025-07-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-326: Inadequate Encryption Strength

CAPEC

References (15)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20201016-0001	Third Party Advisory
https://www.tenable.com/security/tns-2021-14	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://bugs.php.net/bug.php?id=79601	2023-11-07
https://www.oracle.com/security-alerts/cpuApr2021.html	2023-11-07
https://www.oracle.com/security-alerts/cpuoct2021.html	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66	2023-11-07
https://security.gentoo.org/glsa/202012-16	2023-11-07
https://usn.ubuntu.com/4583-1	2023-11-07
https://www.debian.org/security/2021/dsa-4856	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-7069	2021-11-09
https://bugzilla.redhat.com/show_bug.cgi?id=1885735	2021-11-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 7.2.0 < 7.2.34 Search vendor "Php" for product "Php" and version " >= 7.2.0 < 7.2.34"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 7.3.0 < 7.3.23 Search vendor "Php" for product "Php" and version " >= 7.3.0 < 7.3.23"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 7.4.0 < 7.4.11 Search vendor "Php" for product "Php" and version " >= 7.4.0 < 7.4.11"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				31 Search vendor "Fedoraproject" for product "Fedora" and version "31"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				32 Search vendor "Fedoraproject" for product "Fedora" and version "32"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				33 Search vendor "Fedoraproject" for product "Fedora" and version "33"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.2 Search vendor "Opensuse" for product "Leap" and version "15.2"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04"		lts		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				-		-		Affected
Oracle Search vendor "Oracle"		Communications Diameter Signaling Router Search vendor "Oracle" for product "Communications Diameter Signaling Router"				>= 8.0.0 <= 8.5.0 Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version " >= 8.0.0 <= 8.5.0"		-		Affected
Tenable Search vendor "Tenable"		Tenable.sc Search vendor "Tenable" for product "Tenable.sc"				< 5.19.0 Search vendor "Tenable" for product "Tenable.sc" and version " < 5.19.0"		-		Affected