CVE-2020-7068
09.09.2020, 18:15
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.Enginsight
| Vendor | Product | Version |
|---|---|---|
| php | php | 7.2.0 ≤ 𝑥 < 7.2.33 |
| php | php | 7.3.0 ≤ 𝑥 < 7.3.21 |
| php | php | 7.4.0 ≤ 𝑥 < 7.4.9 |
| debian | debian_linux | 10.0 |
| tenable | tenable.sc | 𝑥 < 5.19.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| php5 |
| ||||||||||||||||
| php7.0 |
| ||||||||||||||||
| php7.2 |
| ||||||||||||||||
| php7.4 |
| ||||||||||||||||
| php8.0 |
| ||||||||||||||||
| php8.1 |
|
Common Weakness Enumeration
References