CVE-2020-7061

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions PHP versions 7.3.x through 7.3.14 PHP versions 7.4.x through 7.4.2

Description The issue arises when extracting PHAR files on Windows using the phar extension. Certain content inside a PHAR file could lead to a one-byte read past the allocated buffer, potentially resulting in information disclosure or a crash.

Recommendations For PHP versions 7.3.x through 7.3.14, update to version 7.3.15 or later. For PHP versions 7.4.x through 7.4.2, update to version 7.4.3 or later.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2020-1304

ALT-PU-2020-1385

BIT-LIBPHP-2020-7061

BIT-PHP-2020-7061

BIT-PHP-MIN-2020-7061

CVE-2020-7061

MGASA-2020-0119

Affected Products

Alt Linux

Php

CVE-2020-7061

Weakness Enumeration

Related Identifiers

Affected Products

References · 12