CVE-2020-7067

OOB Read in urldecode()

CVSS 7.5 HIGHEPSS 4.3%CWE-125 CWE-196

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

PHP Group · PHP

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugs.php.net/bug.php?id=79465 https://security.netapp.com/advisory/ntap-20200504-0001/https://www.debian.org/security/2020/dsa-4717 https://www.debian.org/security/2020/dsa-4719 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.tenable.com/security/tns-2021-14