PT-2020-5187 · Php+1

Damian Bury · Published 2020-04-14 · Updated 2025-08-11 · CVE-2020-7067

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PHP versions 7.2.x through 7.2.29
PHP versions 7.3.x through 7.3.16
PHP versions 7.4.x through 7.4.4

Description

The issue is related to the urldecode() function in PHP, which can be exploited to access memory locations past the allocated buffer due to the erroneous use of signed numbers as array indexes. This can allow a remote attacker to access protected information. The vulnerability is particularly relevant when PHP is compiled with EBCDIC support, although this is an uncommon configuration.
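
The bug class named in the description, a decoded byte used as a signed array index, is shown below as an added example. This is not PHP's source code: the table and all function names are hypothetical. The flawed index is only computed, never dereferenced, and is set beside the corrected lookup.

```c
#include <stdio.h>

/* Constructed 256-entry translation table (identity mapping), standing in
 * for a character-set table that a decoder consults per byte. */
static unsigned char table[256];
void init_table(void) { for (int i = 0; i < 256; i++) table[i] = (unsigned char)i; }

/* Value of one hex digit, or -1 if the character is not a hex digit. */
static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                /* fold 'A'..'F' to 'a'..'f' */
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode the two hex digits that follow '%'; -1 if malformed. */
int decode_byte(const char *p) {
    int hi = hexval((unsigned char)p[0]);
    if (hi < 0) return -1;                    /* also stops before reading past a NUL */
    int lo = hexval((unsigned char)p[1]);
    return lo < 0 ? -1 : hi * 16 + lo;
}

/* Flawed pattern: the byte is narrowed to a signed type before indexing,
 * so 0x80..0xFF become -128..-1 (computed here, never used as an index). */
int flawed_index(int byte) { return (signed char)byte; }

/* Corrected pattern: convert to unsigned char, index stays in 0..255. */
int safe_index(int byte) { return (unsigned char)byte; }

/* Hardened lookup: reject malformed input, index with the unsigned value. */
int translate(const char *hex2, unsigned char *out) {
    int b = decode_byte(hex2);
    if (b < 0) return -1;
    *out = table[safe_index(b)];
    return 0;
}

int main(void) {
    const char *samples[] = { "41", "7F", "80", "FF" };  /* constructed inputs */
    init_table();
    for (int i = 0; i < 4; i++) {
        int b = decode_byte(samples[i]);
        printf("%%%s -> byte %3d, signed index %4d, unsigned index %3d\n",
               samples[i], b, flawed_index(b), safe_index(b));
    }
    return 0;
}
```

Only bytes at or above 0x80 produce a negative index, so inputs restricted to 7-bit ASCII never show the difference.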

Recommendations

For PHP versions 7.2.x through 7.2.29, update to version 7.2.30 or later.
For PHP versions 7.3.x through 7.3.16, update to version 7.3.17 or later.
For PHP versions 7.4.x through 7.4.4, update to version 7.4.5 or later.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1828
ALT-PU-2020-1853
BDU:2020-05806
BIT-LIBPHP-2020-7067
BIT-PHP-2020-7067
BIT-PHP-MIN-2020-7067
CVE-2020-7067
DLA-2188-1
DSA-4717-1
DSA-4719-1
MGASA-2020-0178
OESA-2022-1556

Affected Products

Alt Linux
Php