Vulnerability-Lookup

CVE-2020-7062 (GCVE-0-2020-7062)

Vulnerability from cvelistv5 – Published: 2020-02-27 20:25 – Updated: 2024-09-16 22:24

Title

Null Pointer Dereference in PHP Session Upload Progress

Summary

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

php

References

8 references

URL	Tags
https://bugs.php.net/bug.php?id=79221	x_refsource_MISC
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://security.gentoo.org/glsa/202003-57	vendor-advisoryx_refsource_GENTOO
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST
https://usn.ubuntu.com/4330-1/	vendor-advisoryx_refsource_UBUNTU
https://www.debian.org/security/2020/dsa-4717	vendor-advisoryx_refsource_DEBIAN
https://www.debian.org/security/2020/dsa-4719	vendor-advisoryx_refsource_DEBIAN
https://www.tenable.com/security/tns-2021-14	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
PHP Group	PHP	Affected: 7.3.x , < 7.3.15 (custom) Affected: 7.4.x , < 7.4.3 (custom) Affected: 7.2.x , < 7.2.28 (custom)

Date Public ?

2020-02-17 00:00

Credits

Reported by ryat@php.net

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.016Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=79221"
          },
          {
            "name": "openSUSE-SU-2020:0341",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
          },
          {
            "name": "GLSA-202003-57",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-57"
          },
          {
            "name": "[debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html"
          },
          {
            "name": "USN-4330-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4330-1/"
          },
          {
            "name": "DSA-4717",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4717"
          },
          {
            "name": "DSA-4719",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4719"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "7.3.15",
              "status": "affected",
              "version": "7.3.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.3",
              "status": "affected",
              "version": "7.4.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.2.28",
              "status": "affected",
              "version": "7.2.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "file_uploads=1\nsession.upload_progress.enabled=1\nsession.upload_progress.cleanup=0"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by ryat@php.net"
        }
      ],
      "datePublic": "2020-02-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-22T17:06:46.000Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=79221"
        },
        {
          "name": "openSUSE-SU-2020:0341",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
        },
        {
          "name": "GLSA-202003-57",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-57"
        },
        {
          "name": "[debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html"
        },
        {
          "name": "USN-4330-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4330-1/"
        },
        {
          "name": "DSA-4717",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4717"
        },
        {
          "name": "DSA-4719",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4719"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-14"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=79221"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Null Pointer Dereference in PHP Session Upload Progress",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable file uploading, file upload tracking or enable session.upload_progress.cleanup."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@php.net",
          "DATE_PUBLIC": "2020-02-17T16:21:00.000Z",
          "ID": "CVE-2020-7062",
          "STATE": "PUBLIC",
          "TITLE": "Null Pointer Dereference in PHP Session Upload Progress"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.3.x",
                            "version_value": "7.3.15"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.4.x",
                            "version_value": "7.4.3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.2.x",
                            "version_value": "7.2.28"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Group"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "file_uploads=1\nsession.upload_progress.enabled=1\nsession.upload_progress.cleanup=0"
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by ryat@php.net"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476 NULL Pointer Dereference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.php.net/bug.php?id=79221",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=79221"
            },
            {
              "name": "openSUSE-SU-2020:0341",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
            },
            {
              "name": "GLSA-202003-57",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-57"
            },
            {
              "name": "[debian-lts-announce] 20200326 [SECURITY] [DLA 2160-1] php5 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html"
            },
            {
              "name": "USN-4330-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4330-1/"
            },
            {
              "name": "DSA-4717",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4717"
            },
            {
              "name": "DSA-4719",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4719"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugs.php.net/bug.php?id=79221"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Disable file uploading, file upload tracking or enable session.upload_progress.cleanup."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2020-7062",
    "datePublished": "2020-02-27T20:25:15.153Z",
    "dateReserved": "2020-01-15T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:24:49.661Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-7062",
      "date": "2026-05-22",
      "epss": "0.01155",
      "percentile": "0.78783"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.2.0\", \"versionEndIncluding\": \"7.2.27\", \"matchCriteriaId\": \"C6DEDF33-5700-450F-980D-8CA598A53DED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.3.0\", \"versionEndIncluding\": \"7.3.14\", \"matchCriteriaId\": \"1CA6A47B-6146-4361-AED1-4263B7911C6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.4.0\", \"versionEndIncluding\": \"7.4.2\", \"matchCriteriaId\": \"D73AA9E0-B622-41A6-9E5B-924051D4CA61\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"815D70A8-47D3-459C-A32C-9FEACA0659D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.\"}, {\"lang\": \"es\", \"value\": \"En PHP versiones 7.2.x por debajo de 7.2.28, versiones 7.3.x por debajo de 7.3.15 y versiones 7.4.x por debajo de 7.4.3, cuando es usada la funcionalidad de carga de archivos, si el seguimiento de progreso de carga est\\u00e1 habilitado, pero session.upload_progress.cleanup est\\u00e1 ajustado en 0 (deshabilitado), y la carga del archivo presenta un fallo, el procedimiento de carga intentar\\u00eda limpiar los datos que no existan y encontrar\\u00eda una desreferencia del puntero null, lo que probablemente conllevar\\u00eda a un bloqueo.\"}]",
      "id": "CVE-2020-7062",
      "lastModified": "2024-11-21T05:36:35.703",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@php.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-02-27T21:15:19.037",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html\", \"source\": \"security@php.net\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://bugs.php.net/bug.php?id=79221\", \"source\": \"security@php.net\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html\", \"source\": \"security@php.net\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-57\", \"source\": \"security@php.net\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4330-1/\", \"source\": \"security@php.net\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4717\", \"source\": \"security@php.net\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4719\", \"source\": \"security@php.net\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2021-14\", \"source\": \"security@php.net\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://bugs.php.net/bug.php?id=79221\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202003-57\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4330-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4717\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4719\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2021-14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@php.net",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@php.net\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-7062\",\"sourceIdentifier\":\"security@php.net\",\"published\":\"2020-02-27T21:15:19.037\",\"lastModified\":\"2024-11-21T05:36:35.703\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.\"},{\"lang\":\"es\",\"value\":\"En PHP versiones 7.2.x por debajo de 7.2.28, versiones 7.3.x por debajo de 7.3.15 y versiones 7.4.x por debajo de 7.4.3, cuando es usada la funcionalidad de carga de archivos, si el seguimiento de progreso de carga est\u00e1 habilitado, pero session.upload_progress.cleanup est\u00e1 ajustado en 0 (deshabilitado), y la carga del archivo presenta un fallo, el procedimiento de carga intentar\u00eda limpiar los datos que no existan y encontrar\u00eda una desreferencia del puntero null, lo que probablemente conllevar\u00eda a un bloqueo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndIncluding\":\"7.2.27\",\"matchCriteriaId\":\"C6DEDF33-5700-450F-980D-8CA598A53DED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3.0\",\"versionEndIncluding\":\"7.3.14\",\"matchCriteriaId\":\"1CA6A47B-6146-4361-AED1-4263B7911C6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndIncluding\":\"7.4.2\",\"matchCriteriaId\":\"D73AA9E0-B622-41A6-9E5B-924051D4CA61\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html\",\"source\":\"security@php.net\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.php.net/bug.php?id=79221\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html\",\"source\":\"security@php.net\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-57\",\"source\":\"security@php.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4330-1/\",\"source\":\"security@php.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4717\",\"source\":\"security@php.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4719\",\"source\":\"security@php.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"security@php.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.php.net/bug.php?id=79221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-57\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4330-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4719\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-107

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans PHP. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
PHP	PHP	PHP 7.2.x versions antérieures à 7.2.28
PHP	PHP	PHP 7.3.x versions antérieures à 7.3.15
PHP	PHP	PHP 7.4.x versions antérieures à 7.4.3

References

Title

Publication Time

Tags

Bulletin de sécurité PHP 7.2.28 du 20 février 2020	None	vendor-advisory
Bulletin de sécurité PHP 7.3.15 du 20 février 2020	None	vendor-advisory
Bulletin de sécurité PHP 7.4.3 du 20 février 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP 7.2.x versions ant\u00e9rieures \u00e0 7.2.28",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 7.3.x versions ant\u00e9rieures \u00e0 7.3.15",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 7.4.x versions ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7063"
    },
    {
      "name": "CVE-2020-7062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7062"
    },
    {
      "name": "CVE-2020-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7061"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-107",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHP. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PHP 7.2.28 du 20 f\u00e9vrier 2020",
      "url": "https://www.php.net/ChangeLog-7.php#7.2.28"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PHP 7.3.15 du 20 f\u00e9vrier 2020",
      "url": "https://www.php.net/ChangeLog-7.php#7.3.15"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PHP 7.4.3 du 20 f\u00e9vrier 2020",
      "url": "https://www.php.net/ChangeLog-7.php#7.4.3"
    }
  ]
}

CERTFR-2021-AVI-571

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Tenable. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	N/A	Tenable.sc versions antérieures à 5.19.0

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2021-14 du 22 juillet 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.19.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-14042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
    },
    {
      "name": "CVE-2020-7060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7060"
    },
    {
      "name": "CVE-2019-11048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11048"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2018-14040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
    },
    {
      "name": "CVE-2020-13632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
    },
    {
      "name": "CVE-2019-11041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11041"
    },
    {
      "name": "CVE-2020-7071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7071"
    },
    {
      "name": "CVE-2019-11045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11045"
    },
    {
      "name": "CVE-2021-21704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21704"
    },
    {
      "name": "CVE-2020-7070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7070"
    },
    {
      "name": "CVE-2020-7069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7069"
    },
    {
      "name": "CVE-2019-11046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11046"
    },
    {
      "name": "CVE-2020-7063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7063"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2019-19646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
    },
    {
      "name": "CVE-2018-20676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
    },
    {
      "name": "CVE-2021-21705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21705"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2021-23358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
    },
    {
      "name": "CVE-2020-11656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
    },
    {
      "name": "CVE-2020-7068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7068"
    },
    {
      "name": "CVE-2018-20677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
    },
    {
      "name": "CVE-2019-11044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11044"
    },
    {
      "name": "CVE-2020-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7064"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2017-5661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5661"
    },
    {
      "name": "CVE-2019-11047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11047"
    },
    {
      "name": "CVE-2020-7067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7067"
    },
    {
      "name": "CVE-2020-7062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7062"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2019-11043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11043"
    },
    {
      "name": "CVE-2020-7065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7065"
    },
    {
      "name": "CVE-2019-11050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11050"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2020-7066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7066"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2019-19645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
    },
    {
      "name": "CVE-2020-11655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
    },
    {
      "name": "CVE-2019-16168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
    },
    {
      "name": "CVE-2020-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7061"
    },
    {
      "name": "CVE-2020-7059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7059"
    },
    {
      "name": "CVE-2019-11042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11042"
    },
    {
      "name": "CVE-2019-11049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11049"
    },
    {
      "name": "CVE-2021-21702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21702"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-571",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2021-14 du 22 juillet 2021",
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ]
}

CERTFR-2020-AVI-107

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans PHP. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
PHP	PHP	PHP 7.2.x versions antérieures à 7.2.28
PHP	PHP	PHP 7.3.x versions antérieures à 7.3.15
PHP	PHP	PHP 7.4.x versions antérieures à 7.4.3

References

Title

Publication Time

Tags

Bulletin de sécurité PHP 7.2.28 du 20 février 2020	None	vendor-advisory
Bulletin de sécurité PHP 7.3.15 du 20 février 2020	None	vendor-advisory
Bulletin de sécurité PHP 7.4.3 du 20 février 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP 7.2.x versions ant\u00e9rieures \u00e0 7.2.28",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 7.3.x versions ant\u00e9rieures \u00e0 7.3.15",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 7.4.x versions ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7063"
    },
    {
      "name": "CVE-2020-7062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7062"
    },
    {
      "name": "CVE-2020-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7061"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-107",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHP. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PHP 7.2.28 du 20 f\u00e9vrier 2020",
      "url": "https://www.php.net/ChangeLog-7.php#7.2.28"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PHP 7.3.15 du 20 f\u00e9vrier 2020",
      "url": "https://www.php.net/ChangeLog-7.php#7.3.15"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PHP 7.4.3 du 20 f\u00e9vrier 2020",
      "url": "https://www.php.net/ChangeLog-7.php#7.4.3"
    }
  ]
}

CERTFR-2021-AVI-571

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	N/A	Tenable.sc versions antérieures à 5.19.0

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2021-14 du 22 juillet 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.19.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-14042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
    },
    {
      "name": "CVE-2020-7060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7060"
    },
    {
      "name": "CVE-2019-11048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11048"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2018-14040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
    },
    {
      "name": "CVE-2020-13632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
    },
    {
      "name": "CVE-2019-11041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11041"
    },
    {
      "name": "CVE-2020-7071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7071"
    },
    {
      "name": "CVE-2019-11045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11045"
    },
    {
      "name": "CVE-2021-21704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21704"
    },
    {
      "name": "CVE-2020-7070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7070"
    },
    {
      "name": "CVE-2020-7069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7069"
    },
    {
      "name": "CVE-2019-11046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11046"
    },
    {
      "name": "CVE-2020-7063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7063"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2019-19646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
    },
    {
      "name": "CVE-2018-20676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
    },
    {
      "name": "CVE-2021-21705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21705"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2021-23358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
    },
    {
      "name": "CVE-2020-11656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
    },
    {
      "name": "CVE-2020-7068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7068"
    },
    {
      "name": "CVE-2018-20677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
    },
    {
      "name": "CVE-2019-11044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11044"
    },
    {
      "name": "CVE-2020-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7064"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2017-5661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5661"
    },
    {
      "name": "CVE-2019-11047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11047"
    },
    {
      "name": "CVE-2020-7067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7067"
    },
    {
      "name": "CVE-2020-7062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7062"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2019-11043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11043"
    },
    {
      "name": "CVE-2020-7065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7065"
    },
    {
      "name": "CVE-2019-11050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11050"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2020-7066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7066"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2019-19645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
    },
    {
      "name": "CVE-2020-11655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
    },
    {
      "name": "CVE-2019-16168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
    },
    {
      "name": "CVE-2020-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7061"
    },
    {
      "name": "CVE-2020-7059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7059"
    },
    {
      "name": "CVE-2019-11042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11042"
    },
    {
      "name": "CVE-2019-11049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11049"
    },
    {
      "name": "CVE-2021-21702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21702"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-571",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2021-14 du 22 juillet 2021",
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ]
}

alsa-2020:3662

Vulnerability from osv_almalinux

Published

2020-09-08 08:38

Modified

2020-09-08 08:38

Summary

Moderate: php:7.3 security, bug fix, and enhancement update

Details

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (7.3.20). (BZ#1856655)

Security Fix(es):

php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)
php: Buffer over-read in exif_read_data() (CVE-2019-11040)
php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045)
php: Information disclosure in exif_read_data() (CVE-2019-11047)
php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)
oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)
oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)
oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)
oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)
pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454)
php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)
php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)
php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)
php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)
php: Information disclosure in exif_read_data() function (CVE-2020-7064)
php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)
php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)
php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)
php: Out of bounds read when parsing EXIF information (CVE-2019-11050)
oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)
php: Information disclosure in function get_headers (CVE-2020-7066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2020-3662.html	ADVISORY
	https://vulners.com/cve/CVE-2019-11039	REPORT
	https://vulners.com/cve/CVE-2019-11040	REPORT
	https://vulners.com/cve/CVE-2019-11041	REPORT
	https://vulners.com/cve/CVE-2019-11042	REPORT
	https://vulners.com/cve/CVE-2019-11045	REPORT
	https://vulners.com/cve/CVE-2019-11047	REPORT
	https://vulners.com/cve/CVE-2019-11048	REPORT
	https://vulners.com/cve/CVE-2019-11050	REPORT
	https://vulners.com/cve/CVE-2019-13224	REPORT
	https://vulners.com/cve/CVE-2019-13225	REPORT
	https://vulners.com/cve/CVE-2019-16163	REPORT
	https://vulners.com/cve/CVE-2019-19203	REPORT
	https://vulners.com/cve/CVE-2019-19204	REPORT
	https://vulners.com/cve/CVE-2019-19246	REPORT
	https://vulners.com/cve/CVE-2019-20454	REPORT
	https://vulners.com/cve/CVE-2020-7059	REPORT
	https://vulners.com/cve/CVE-2020-7060	REPORT
	https://vulners.com/cve/CVE-2020-7062	REPORT
	https://vulners.com/cve/CVE-2020-7063	REPORT
	https://vulners.com/cve/CVE-2020-7064	REPORT
	https://vulners.com/cve/CVE-2020-7065	REPORT
	https://vulners.com/cve/CVE-2020-7066	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "apcu-panel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.17-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.2-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.2-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.2-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.2-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.2-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.2-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.2-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.2-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.2-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-bcmath"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-bcmath"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-bcmath"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-dba"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-dba"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-dba"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-dbg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-dbg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-dbg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-embedded"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-embedded"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-embedded"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-enchant"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-enchant"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-enchant"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-fpm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-fpm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-fpm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-gd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-gd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-gd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-gmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-gmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-gmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-intl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-intl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-intl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-json"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-json"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-json"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-mbstring"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-mbstring"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-mbstring"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-mysqlnd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-mysqlnd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-mysqlnd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-odbc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-odbc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-odbc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-opcache"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-opcache"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-opcache"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pdo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pdo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pdo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pear"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.10.9-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-apcu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.17-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-apcu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.17-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-apcu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.17-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-apcu-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.17-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-apcu-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.17-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-apcu-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.17-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-rrd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.1-1.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-rrd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.1-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-rrd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.1-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-xdebug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.0-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-xdebug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.0-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-xdebug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.0-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-zip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.4-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-zip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.4-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-zip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.4-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pgsql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pgsql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pgsql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-process"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-process"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-process"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-recode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-recode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-recode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-snmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-snmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-snmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-soap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-soap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-soap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-xml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-xml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-xml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-xmlrpc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.5.0+152+112d3b8c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-xmlrpc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.3.0+2009+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-xmlrpc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.3.20-1.module_el8.4.0+2229+b272fdef"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nThe following packages have been upgraded to a later upstream version: php (7.3.20). (BZ#1856655)\n\nSecurity Fix(es):\n\n* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)\n\n* php: Buffer over-read in exif_read_data() (CVE-2019-11040)\n\n* php: DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte (CVE-2019-11045)\n\n* php: Information disclosure in exif_read_data() (CVE-2019-11047)\n\n* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)\n\n* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)\n\n* oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)\n\n* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)\n\n* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)\n\n* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)\n\n* pcre: Out of bounds read in JIT mode when \\X is used in non-UTF mode (CVE-2019-20454)\n\n* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)\n\n* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)\n\n* php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)\n\n* php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)\n\n* php: Information disclosure in exif_read_data() function (CVE-2020-7064)\n\n* php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)\n\n* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)\n\n* php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)\n\n* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)\n\n* oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)\n\n* php: Information disclosure in function get_headers (CVE-2020-7066)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2020:3662",
  "modified": "2020-09-08T08:38:22Z",
  "published": "2020-09-08T08:38:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-3662.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-11039"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-11040"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-11041"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-11042"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-11045"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-11047"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-11048"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-11050"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-13224"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-13225"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-16163"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-19203"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-19204"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-19246"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-20454"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-7059"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-7060"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-7062"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-7063"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-7064"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-7065"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-7066"
    }
  ],
  "related": [
    "CVE-2019-11039",
    "CVE-2019-11040",
    "CVE-2019-11045",
    "CVE-2019-11047",
    "CVE-2019-11048",
    "CVE-2019-13224",
    "CVE-2019-13225",
    "CVE-2019-16163",
    "CVE-2019-19203",
    "CVE-2019-19204",
    "CVE-2019-20454",
    "CVE-2020-7059",
    "CVE-2020-7060",
    "CVE-2020-7062",
    "CVE-2020-7063",
    "CVE-2020-7064",
    "CVE-2020-7065",
    "CVE-2019-11041",
    "CVE-2019-11042",
    "CVE-2019-11050",
    "CVE-2019-19246",
    "CVE-2020-7066"
  ],
  "summary": "Moderate: php:7.3 security, bug fix, and enhancement update"
}

BDU:2021-00098

Vulnerability from fstec - Published: 17.02.2020

Title

Уязвимость интерпретатора языка программирования PHP, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость интерпретатора языка программирования PHP связана с разыменованием нулевого указателя. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?

Vendor

ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, Canonical Ltd., Novell Inc., PHP Group, АО «ИВК», АО «Концерн ВНИИНС»

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, Ubuntu, OpenSUSE Leap, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), PHP, Альт 8 СП (запись в едином реестре российских программ №4305), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

1.5 «Смоленск» (Astra Linux Special Edition), 9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 12.04 ESM (Ubuntu), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 19.10 (Ubuntu), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), от 7.2.0 до 7.2.27 (PHP), от 7.3.0 до 7.3.14 (PHP), от 7.4.0 до 7.4.2 (PHP), - (Альт 8 СП), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для PHP: Обновление программного обеспечения до 7.4.5-1 или более поздней версии Для Debian: Обновление программного обеспечения (пакета php7.3) до 7.3.19-1~deb10u1 или более поздней версии https://www.debian.org/security/2020/dsa-4717 https://www.debian.org/security/2020/dsa-4719 https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html Для Ubuntu: https://usn.ubuntu.com/4330-1/ Для Astra Linux: https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 Для программных продуктов Novell Inc/: http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html Для ОС ОН «Стрелец»: Обновление программного обеспечения php7.0 до версии 7.0.33.repack1-0+deb9u10.osnova6 Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html https://bugs.php.net/bug.php?id=79221 https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html https://nvd.nist.gov/vuln/detail/CVE-2020-7062 https://security.gentoo.org/glsa/202003-57 https://security-tracker.debian.org/tracker/CVE-2020-7062 https://usn.ubuntu.com/4330-1/ https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://www.debian.org/security/2020/dsa-4717 https://www.debian.org/security/2020/dsa-4719 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-476

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., Novell Inc., PHP Group, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 12.04 ESM (Ubuntu), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 19.10 (Ubuntu), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u043e\u0442 7.2.0 \u0434\u043e 7.2.27 (PHP), \u043e\u0442 7.3.0 \u0434\u043e 7.3.14 (PHP), \u043e\u0442 7.4.0 \u0434\u043e 7.4.2 (PHP), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f PHP:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 7.4.5-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 php7.3) \u0434\u043e 7.3.19-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\nhttps://www.debian.org/security/2020/dsa-4717\t\nhttps://www.debian.org/security/2020/dsa-4719\nhttps://lists.debian.org/debian-lts-announce/2020/03/msg00034.html\t\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4330-1/\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc/:\nhttp://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f php7.0 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 7.0.33.repack1-0+deb9u10.osnova6\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.02.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.01.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00098",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-7062",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, Ubuntu, OpenSUSE Leap, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), PHP, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb 64-bit (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 12.04 ESM , Novell Inc. OpenSUSE Leap 15.1 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 19.10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html\nhttps://bugs.php.net/bug.php?id=79221\nhttps://lists.debian.org/debian-lts-announce/2020/03/msg00034.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7062\nhttps://security.gentoo.org/glsa/202003-57\nhttps://security-tracker.debian.org/tracker/CVE-2020-7062\nhttps://usn.ubuntu.com/4330-1/\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://www.debian.org/security/2020/dsa-4717\nhttps://www.debian.org/security/2020/dsa-4719\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

bit-libphp-2020-7062

Vulnerability from bitnami_vulndb

Published

2025-08-11 13:53

Modified

2025-08-11 14:19

Summary

Null Pointer Dereference in PHP Session Upload Progress

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "libphp",
        "purl": "pkg:bitnami/libphp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.2.0"
            },
            {
              "fixed": "7.2.28"
            },
            {
              "introduced": "7.3.0"
            },
            {
              "fixed": "7.3.15"
            },
            {
              "introduced": "7.4.0"
            },
            {
              "fixed": "7.4.3"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7062"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.",
  "id": "BIT-libphp-2020-7062",
  "modified": "2025-08-11T14:19:40.295Z",
  "published": "2025-08-11T13:53:01.649Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=79221"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7062"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-57"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4330-1/"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4717"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4719"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "schema_version": "1.6.2",
  "summary": "Null Pointer Dereference in PHP Session Upload Progress"
}

bit-php-2020-7062

Vulnerability from bitnami_vulndb

Published

2024-03-06 11:07

Modified

2025-05-20 10:02

Summary

Null Pointer Dereference in PHP Session Upload Progress

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "php",
        "purl": "pkg:bitnami/php"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.2.0"
            },
            {
              "fixed": "7.2.28"
            },
            {
              "introduced": "7.3.0"
            },
            {
              "fixed": "7.3.15"
            },
            {
              "introduced": "7.4.0"
            },
            {
              "fixed": "7.4.3"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7062"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.",
  "id": "BIT-php-2020-7062",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-03-06T11:07:23.066Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/bug.php?id=79221"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-57"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4330-1/"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4717"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4719"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2021-14"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7062"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Null Pointer Dereference in PHP Session Upload Progress"
}

CNVD-2020-14698

Vulnerability from cnvd - Published: 2020-02-29

Title

PHP空指针解引用漏洞

Description

PHP（PHP：Hypertext Preprocessor，PHP：超文本预处理器）是PHPGroup和开放源代码社区的共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发，支持多种数据库及操作系统。 PHP存在空指针解引用漏洞。该漏洞源于在使用文件上传功能时，如果启用了上传进度跟踪，但是session.upload_progress.cleanup设置为0（禁用），且文件上传失败时，上传进程会尝试清除不存在的数据。攻击者可利用该漏洞导致PHP崩溃。

Severity

中

Patch Name

PHP空指针解引用漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://bugs.php.net/bug.php?id=79221

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-7062

Impacted products

Name
['PHP PHP 7.2.，<7.2.28', 'PHP PHP 7.3.，<7.3.15', 'PHP PHP 7.4.*，<7.4.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7062",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-7062"
    }
  },
  "description": "PHP\uff08PHP\uff1aHypertext Preprocessor\uff0cPHP\uff1a\u8d85\u6587\u672c\u9884\u5904\u7406\u5668\uff09\u662fPHPGroup\u548c\u5f00\u653e\u6e90\u4ee3\u7801\u793e\u533a\u7684\u5171\u540c\u7ef4\u62a4\u7684\u4e00\u79cd\u5f00\u6e90\u7684\u901a\u7528\u8ba1\u7b97\u673a\u811a\u672c\u8bed\u8a00\u3002\u8be5\u8bed\u8a00\u4e3b\u8981\u7528\u4e8eWeb\u5f00\u53d1\uff0c\u652f\u6301\u591a\u79cd\u6570\u636e\u5e93\u53ca\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nPHP\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u4f7f\u7528\u6587\u4ef6\u4e0a\u4f20\u529f\u80fd\u65f6\uff0c\u5982\u679c\u542f\u7528\u4e86\u4e0a\u4f20\u8fdb\u5ea6\u8ddf\u8e2a\uff0c\u4f46\u662fsession.upload_progress.cleanup\u8bbe\u7f6e\u4e3a0\uff08\u7981\u7528\uff09\uff0c\u4e14\u6587\u4ef6\u4e0a\u4f20\u5931\u8d25\u65f6\uff0c\u4e0a\u4f20\u8fdb\u7a0b\u4f1a\u5c1d\u8bd5\u6e05\u9664\u4e0d\u5b58\u5728\u7684\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4PHP\u5d29\u6e83\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bugs.php.net/bug.php?id=79221",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-14698",
  "openTime": "2020-02-29",
  "patchDescription": "PHP\uff08PHP\uff1aHypertext Preprocessor\uff0cPHP\uff1a\u8d85\u6587\u672c\u9884\u5904\u7406\u5668\uff09\u662fPHPGroup\u548c\u5f00\u653e\u6e90\u4ee3\u7801\u793e\u533a\u7684\u5171\u540c\u7ef4\u62a4\u7684\u4e00\u79cd\u5f00\u6e90\u7684\u901a\u7528\u8ba1\u7b97\u673a\u811a\u672c\u8bed\u8a00\u3002\u8be5\u8bed\u8a00\u4e3b\u8981\u7528\u4e8eWeb\u5f00\u53d1\uff0c\u652f\u6301\u591a\u79cd\u6570\u636e\u5e93\u53ca\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nPHP\u5b58\u5728\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u4f7f\u7528\u6587\u4ef6\u4e0a\u4f20\u529f\u80fd\u65f6\uff0c\u5982\u679c\u542f\u7528\u4e86\u4e0a\u4f20\u8fdb\u5ea6\u8ddf\u8e2a\uff0c\u4f46\u662fsession.upload_progress.cleanup\u8bbe\u7f6e\u4e3a0\uff08\u7981\u7528\uff09\uff0c\u4e14\u6587\u4ef6\u4e0a\u4f20\u5931\u8d25\u65f6\uff0c\u4e0a\u4f20\u8fdb\u7a0b\u4f1a\u5c1d\u8bd5\u6e05\u9664\u4e0d\u5b58\u5728\u7684\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4PHP\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PHP\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "PHP PHP 7.2.*\uff0c\u003c7.2.28",
      "PHP PHP 7.3.*\uff0c\u003c7.3.15",
      "PHP PHP 7.4.*\uff0c\u003c7.4.3"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7062",
  "serverity": "\u4e2d",
  "submitTime": "2020-02-28",
  "title": "PHP\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e"
}

FKIE_CVE-2020-7062

Vulnerability from fkie_nvd - Published: 2020-02-27 21:15 - Updated: 2024-11-21 05:36

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security@php.net	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html	Mailing List, Third Party Advisory
security@php.net	https://bugs.php.net/bug.php?id=79221	Exploit, Vendor Advisory
security@php.net	https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html	Mailing List, Third Party Advisory
security@php.net	https://security.gentoo.org/glsa/202003-57	Third Party Advisory
security@php.net	https://usn.ubuntu.com/4330-1/	Third Party Advisory
security@php.net	https://www.debian.org/security/2020/dsa-4717	Third Party Advisory
security@php.net	https://www.debian.org/security/2020/dsa-4719	Third Party Advisory
security@php.net	https://www.tenable.com/security/tns-2021-14	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.php.net/bug.php?id=79221	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202003-57	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4330-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4717	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4719	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/tns-2021-14	Third Party Advisory

Impacted products

Vendor	Product	Version
php	php	*
php	php	*
php	php	*
opensuse	leap	15.1
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DEDF33-5700-450F-980D-8CA598A53DED",
              "versionEndIncluding": "7.2.27",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA6A47B-6146-4361-AED1-4263B7911C6C",
              "versionEndIncluding": "7.3.14",
              "versionStartIncluding": "7.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D73AA9E0-B622-41A6-9E5B-924051D4CA61",
              "versionEndIncluding": "7.4.2",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash."
    },
    {
      "lang": "es",
      "value": "En PHP versiones 7.2.x por debajo de 7.2.28, versiones 7.3.x por debajo de 7.3.15 y versiones 7.4.x por debajo de 7.4.3, cuando es usada la funcionalidad de carga de archivos, si el seguimiento de progreso de carga est\u00e1 habilitado, pero session.upload_progress.cleanup est\u00e1 ajustado en 0 (deshabilitado), y la carga del archivo presenta un fallo, el procedimiento de carga intentar\u00eda limpiar los datos que no existan y encontrar\u00eda una desreferencia del puntero null, lo que probablemente conllevar\u00eda a un bloqueo."
    }
  ],
  "id": "CVE-2020-7062",
  "lastModified": "2024-11-21T05:36:35.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security@php.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-27T21:15:19.037",
  "references": [
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=79221"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-57"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4330-1/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4717"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4719"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=79221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-57"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4330-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "sourceIdentifier": "security@php.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "security@php.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-7062 (GCVE-0-2020-7062)

Solution

Solution

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from bitnami_vulndb

Vulnerability from bitnami_vulndb

Tags

Sightings

Nomenclature