CVE-2020-7062
27.02.2020, 21:15
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.Enginsight
| Vendor | Product | Version |
|---|---|---|
| php | php | 7.2.0 ≤ 𝑥 ≤ 7.2.27 |
| php | php | 7.3.0 ≤ 𝑥 ≤ 7.3.14 |
| php | php | 7.4.0 ≤ 𝑥 ≤ 7.4.2 |
| opensuse | leap | 15.1 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.10 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| php5 |
| ||||||||
| php7.0 |
| ||||||||
| php7.2 |
| ||||||||
| php7.3 |
| ||||||||
| php7.4 |
|
Common Weakness Enumeration
References