CVE-2020-7067

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), the urldecode() function can be made to access locations past the allocated memory, because it erroneously uses signed numbers as array indexes.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| php | CNA | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE | ADP | --- | | | | --- |

EPSS Score Percentile: 92%

| Vendor | Product | Version |
|---|---|---|
| php | php | 7.2.0 ≤ 𝑥 < 7.2.30 |
| php | php | 7.3.0 ≤ 𝑥 < 7.3.17 |
| php | php | 7.4.0 ≤ 𝑥 < 7.4.5 |
| tenable | tenable.sc | 𝑥 < 5.19.0 |
| oracle | communications_diameter_signaling_router | 8.0.0.0 ≤ 𝑥 ≤ 8.4.0.5 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| php7.4 | bullseye | 7.4.33-1+deb11u5 | fixed |
| php7.4 | bullseye (security) | 7.4.33-1+deb11u6 | fixed |

Ubuntu Releases

| Ubuntu Product | eoan | bionic | xenial | trusty |
|---|---|---|---|---|
| php5 | dne | dne | dne | not-affected |
| php7.0 | dne | dne | not-affected | dne |
| php7.2 | dne | not-affected | dne | dne |
| php7.3 | not-affected | dne | dne | dne |
| php7.4 | dne | dne | dne | dne |