PT-2020-5864 · PHP+9

Published: 2020-08-03 · Updated: 2025-08-11 · CVE-2020-7068

CVSS v3.1: 4.8 Medium
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions:
PHP versions 7.2.x through 7.2.32
PHP versions 7.3.x through 7.3.20
PHP versions 7.4.x through 7.4.8
Description: The issue is in the phar_parse_zipfile function in PHP, which can be tricked into accessing freed memory when processing PHAR files using the phar extension. This could lead to a crash or information disclosure. An attacker could exploit this to gain access to confidential data or cause a denial of service.
Recommendations: For PHP version 7.2.x, update to version 7.2.33 or later. For PHP version 7.3.x, update to version 7.3.21 or later. For PHP version 7.4.x, update to version 7.4.9 or later.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2021:4213
ALT-PU-2020-2522
ALT-PU-2020-2622
BDU:2021-01911
BIT-LIBPHP-2020-7068
BIT-PHP-2020-7068
BIT-PHP-MIN-2020-7068
CESA-2021_4213
CVE-2020-7068
DLA-2345-1
DSA-4856-1
OPENSUSE-SU-2020:1354-1
OPENSUSE-SU-2020:1356-1
OPENSUSE-SU-2020_1354-1
OPENSUSE-SU-2020_1356-1
OPENSUSE-SU-2022_4067-1
OPENSUSE-SU-2022_4069-1
OPENSUSE-SU-2024:11569-1
RHSA-2021:2992
RHSA-2021:4213
RHSA-2021_4213
RLSA-2021:4213
SUSE-SU-2020:2403-1
SUSE-SU-2020:2404-1
SUSE-SU-2020:2405-1
SUSE-SU-2020:2455-1
SUSE-SU-2020:2456-1
SUSE-SU-2020:2477-1
SUSE-SU-2020_2403-1
SUSE-SU-2020_2404-1
SUSE-SU-2020_2405-1
SUSE-SU-2020_2455-1
SUSE-SU-2020_2456-1
SUSE-SU-2020_2477-1
SUSE-SU-2022:4067-1
SUSE-SU-2022:4068-1
SUSE-SU-2022:4069-1
USN-5006-1
USN-5006-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
PHP
Red Hat
Rocky Linux
SUSE
Ubuntu