CVE-2020-7061
Advisory lineage Upstream: 0 Downstream: 1
Downstream
Modified
Published: 27 Feb 2020, 20:25
Last modified:17 Sept 2024, 01:21
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.1 CRITICAL
v3.1 (nvd)
EPSS Score
3.09% LOW
3% probability +1.03%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
27 Feb 2020, 20:25
Published
Vulnerability first disclosed
17 Sept 2024, 01:21
Last Modified
Vulnerability information updated
Description
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
- v3.1•CRITICAL•Score: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
- v2.0•MEDIUM•Score: 6.4AV:N/AC:L/Au:N/C:P/I:N/A:P
EPSS Trends
Current EPSS score: 3.09%• Percentile: 87%
Techniques & Countermeasures
- CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
Affected Systems
- Unknown•PHP
≥ 7.3.x, < 7.3.15 | ≥ 7.4.x, < 7.4.3
- Unknown•PHP
≥ 7.2.0, ≤ 7.2.27 | ≥ 7.3.0, ≤ 7.3.14 | ≥ 7.4.0, ≤ 7.4.2
- tenable•tenable.sc
< 5.19.0