CVE-2020-7067
Published: 27 April 2020
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
Notes
| Author | Note |
|---|---|
| mdeslaur | only an issue when CHARSET_EBCDIC is defined, which isn't the case on any Ubuntu platforms. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
php7.3 Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
| upstream |
Released
(7.3.17)
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| eoan |
Not vulnerable
(code not present)
|
|
|
php7.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(7.4.5)
|
|
| xenial |
Does not exist
|
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commit;h=9d6bf8221b05f86ce5875832f0f646c4c1f218be |
||
|
php5 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| trusty |
Not vulnerable
(code not present)
|
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| eoan |
Does not exist
|
|
|
php7.0 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| trusty |
Does not exist
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| bionic |
Does not exist
|
|
| eoan |
Does not exist
|
|
|
php7.2 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Not vulnerable
(code not present)
|
|
| eoan |
Does not exist
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |