CVE-2020-7067
HIGH 7.5 | EPSS 9.0% | OOB Read in urldecode()
Published: 2020/4/27 | Modified: 2026/4/28
Description
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), the urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
Affected packages (4)
- Bitnami/libphp: >= 7.2.0, < 7.2.30; >= 7.3.0, < 7.3.17; >= 7.4.0, < 7.4.5
- Bitnami/php: >= 7.2.0, < 7.2.30; >= 7.3.0, < 7.3.17; >= 7.4.0, < 7.4.5
- Bitnami/php-min: >= 7.2.0, < 7.2.30; >= 7.3.0, < 7.3.17; >= 7.4.0, < 7.4.5
- Debian/php7.4: from 0, < 7.4.5-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (9)
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2020-7067
- WEB: https://bugs.php.net/bug.php?id=79465
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2020-7067
- WEB: https://security.netapp.com/advisory/ntap-20200504-0001/
- WEB: https://www.debian.org/security/2020/dsa-4717
- WEB: https://www.debian.org/security/2020/dsa-4719
- WEB: https://www.oracle.com/security-alerts/cpuApr2021.html
- WEB: https://www.oracle.com/security-alerts/cpuoct2020.html
- WEB: https://www.tenable.com/security/tns-2021-14