CVE-2020-7066
Advisory lineage Upstream: 0 Downstream: 15
Modified
Published: 01 Apr 2020, 03:35
Last modified:17 Sept 2024, 01:51
Vulnerability Summary
Overall Risk (default)
medium
32/100 CVSS Score
5.3 MEDIUM
v3.1 (cve.org)
EPSS Score
2.19% LOW
2% probability +0.66%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
01 Apr 2020, 03:35
Published
Vulnerability first disclosed
17 Sept 2024, 01:51
Last Modified
Vulnerability information updated
Description
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
- v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 2.19%• Percentile: 85%
Techniques & Countermeasures
- CWE-170•Improper Null Termination
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
Affected Systems
- debian•debian_linux
8.0 | 9.0 | 10.0
- opensuse•leap
15.1
- Unknown•PHP
7.2.x below 7.2.29 | 7.3.x below 7.3.16 | 7.4.x below 7.4.4
- Unknown•PHP
≥ 7.2.0, < 7.2.29 | ≥ 7.3.0, < 7.3.16 | ≥ 7.4.0, < 7.4.4
- tenable•tenable.sc
< 5.19.0 | 5.19.0
References (8)
- https://bugs.php.net/bug.php?id=79329
- https://security.netapp.com/advisory/ntap-20200403-0001/
- https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html
- https://usn.ubuntu.com/4330-2/
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html
- https://www.debian.org/security/2020/dsa-4717
- https://www.debian.org/security/2020/dsa-4719
- https://www.tenable.com/security/tns-2021-14