vulnerability

PHP Vulnerability: CVE-2020-7068

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:L/AC:M/Au:N/C:P/I:N/A:P)	2020-09-09	2020-10-05	2024-11-26

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:N/A:P)

Published

2020-09-09

Added

2020-10-05

Modified

2024-11-26

Description

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

Solution(s)

php-upgrade-7_2_23php-upgrade-7_3_21php-upgrade-7_4_9

References

CVE-2020-7068
https://attackerkb.com/topics/CVE-2020-7068
URL-https://bugs.php.net/bug.php?id=79797

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today