PT-2020-2006 · Php+7 · Php+7

Published: 2020-01-16 · Updated: 2025-08-11 · CVE-2020-7059

CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

PHP versions 7.2.x through 7.2.26
PHP versions 7.3.x through 7.3.13
PHP versions 7.4.x through 7.4.1

Description

The issue is related to the fgetss() function in PHP, which can be exploited to read past the allocated buffer when it is used to read data with tag stripping. This may lead to information disclosure or a crash, potentially allowing a remote attacker to access confidential data or cause a denial of service.

Recommendations

For PHP versions 7.2.x through 7.2.26, update to version 7.2.27 or later.
For PHP versions 7.3.x through 7.3.13, update to version 7.3.14 or later.
For PHP versions 7.4.x through 7.4.1, update to version 7.4.2 or later.

Weakness Enumeration

Out of bounds Read

Related Identifiers

ALSA-2020:3662
ALT-PU-2020-1149
ALT-PU-2020-1206
BDU:2020-01446
BIT-LIBPHP-2020-7059
BIT-PHP-2020-7059
BIT-PHP-MIN-2020-7059
CESA-2020_3662
CVE-2020-7059
DLA-2124-1
DSA-4626-1
DSA-4628-1
MGASA-2020-0066
OESA-2021-1018
OPENSUSE-SU-2020:0341-1
OPENSUSE-SU-2020_0341-1
OPENSUSE-SU-2022_4067-1
RHSA-2020:3662
RHSA-2020:5275
RHSA-2020_3662
RLSA-2020:3662
SUSE-SU-2020:0397-1
SUSE-SU-2020:0522-1
SUSE-SU-2020:0622-1
SUSE-SU-2020:14289-1
SUSE-SU-2020_0622-1
SUSE-SU-2022:4067-1
USN-4279-1
USN-4279-2

Affected Products

Alt Linux
Almalinux
Centos
Php
Red Hat
Rocky Linux
Suse
Ubuntu