UBUNTU-CVE-2020-7059

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2020-7059
Downstream
USN-4279-1
Published: 10 Feb 2020, 08:15
Last modified:22 Apr 2026, 12:44

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

10 Feb 2020, 08:15
Published
Vulnerability first disclosed
22 Apr 2026, 12:44
Last Modified
Vulnerability information updated

Description

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

CVSS Metrics

  • v3.1MEDIUMScore: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected Systems

  • ubuntuphp5

    < 5.5.9+dfsg-1ubuntu4.29+esm10

  • ubuntuphp7.0

    < 7.0.33-0ubuntu0.16.04.11

  • ubuntuphp7.2

    < 7.2.24-0ubuntu0.18.04.3

References (3)