CVE-2020-7068

Published: 9 September 2020

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using the phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

Priority

Low

CVSS 3 base score: 3.6

Status

Package Release Status
php5
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Ignored (end of ESM support, was needed)

trusty Released (5.5.9+dfsg-1ubuntu4.29+esm14)

upstream Needs triage

xenial Does not exist

php7.0
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Released (7.0.33-0ubuntu0.16.04.16+esm1)

php7.2
Launchpad, Ubuntu, Debian
bionic Released (7.2.24-0ubuntu0.18.04.8)

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist

upstream Released (7.2.33)

xenial Does not exist

Patches:
upstream: http://git.php.net/?p=php-src.git;a=commit;h=7355ab81763a3d6a04ac11660e6a16d58838d187

php7.4
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Released (7.4.3-4ubuntu2.5)

groovy Not vulnerable (7.4.9-1ubuntu1.1)

hirsute Not vulnerable (7.4.16-1ubuntu2)

impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist

upstream Released (7.4.9)

xenial Does not exist

Patches:
upstream: http://git.php.net/?p=php-src.git;a=commit;h=7355ab81763a3d6a04ac11660e6a16d58838d187
upstream: http://git.php.net/?p=php-src.git;a=commit;h=5b29af5c781980ea48320c612aa38d67bc737e90
upstream: http://git.php.net/?p=php-src.git;a=commit;h=9c3171f019d07b4271c5929478dddba0861e92af

php8.0
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Not vulnerable (8.0.5-1ubuntu1)

jammy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

php8.1
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Not vulnerable (8.1.0-1)

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist