CVE-2020-7067 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
php	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Affected Products (NVD)

Vendor	Product	Version
php	php	7.2.0 ≤ 𝑥 < 7.2.30
php	php	7.3.0 ≤ 𝑥 < 7.3.17
php	php	7.4.0 ≤ 𝑥 < 7.4.5
tenable	tenable.sc	𝑥 < 5.19.0
oracle	communications_diameter_signaling_router	8.0.0.0 ≤ 𝑥 ≤ 8.4.0.5
debian	debian_linux	9.0
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

php7.4

bullseye	7.4.33-1+deb11u5 fixed
bullseye (security)	7.4.33-1+deb11u6 fixed

Ubuntu Releases

Ubuntu Product

Codename

php5

bionic	dne
eoan	dne
trusty	not-affected
xenial	dne

php7.0

bionic	dne
eoan	dne
trusty	dne
xenial	not-affected

php7.2

bionic	not-affected
eoan	dne
trusty	dne
xenial	dne

php7.3

bionic	dne
eoan	not-affected
trusty	dne
xenial	dne

php7.4

bionic	dne
eoan	dne
trusty	dne
xenial	dne

Known Exploits!

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://bugs.php.net/bug.php?id=79465

https://security.netapp.com/advisory/ntap-20200504-0001/

https://www.debian.org/security/2020/dsa-4717

https://www.debian.org/security/2020/dsa-4719

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.tenable.com/security/tns-2021-14

https://bugs.php.net/bug.php?id=79465

https://security.netapp.com/advisory/ntap-20200504-0001/

https://www.debian.org/security/2020/dsa-4717

https://www.debian.org/security/2020/dsa-4719

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.tenable.com/security/tns-2021-14