CVE-2020-7068 - OpenCVE

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Php	Php
Tenable	Tenable.sc

Configuration 1 [-]

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugs.php.net/bug.php?id=79797	Exploit Mailing List Patch Vendor Advisory
https://security.gentoo.org/glsa/202009-10	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200918-0005/	Third Party Advisory
https://www.debian.org/security/2021/dsa-4856	Third Party Advisory
https://www.tenable.com/security/tns-2021-14	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: php

Published: 2020-08-03T00:00:00

Updated: 2021-07-22T17:07:33

Reserved: 2020-01-15T00:00:00

Link: CVE-2020-7068

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-09T18:15:23.400

Modified: 2022-07-01T12:18:14.377

Link: CVE-2020-7068

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"containers": {"cna": {"affected": [{"product": "PHP", "vendor": "PHP Group", "versions": [{"lessThan": "7.3.21", "status": "affected", "version": "7.3.x", "versionType": "custom"}, {"lessThan": "7.4.9", "status": "affected", "version": "7.4.x", "versionType": "custom"}, {"lessThan": "7.2.33", "status": "affected", "version": "7.2.x", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "phar extension must be enabled"}], "credits": [{"lang": "en", "value": "grigoritchy at gmail dot com"}], "datePublic": "2020-08-03T00:00:00", "descriptions": [{"lang": "en", "value": "In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-22T17:07:33", "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.php.net/bug.php?id=79797"}, {"name": "GLSA-202009-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202009-10"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200918-0005/"}, {"name": "DSA-4856", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4856"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2021-14"}], "source": {"defect": ["https://bugs.php.net/bug.php?id=79797"], "discovery": "EXTERNAL"}, "title": "Use of freed hash key in the phar_parse_zipfile function", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@php.net", "DATE_PUBLIC": "2020-08-03T16:16:00.000Z", "ID": "CVE-2020-7068", "STATE": "PUBLIC", "TITLE": "Use of freed hash key in the phar_parse_zipfile function"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PHP", "version": {"version_data": [{"version_affected": "<", "version_name": "7.3.x", "version_value": "7.3.21"}, {"version_affected": "<", "version_name": "7.4.x", "version_value": "7.4.9"}, {"version_affected": "<", "version_name": "7.2.x", "version_value": "7.2.33"}]}}]}, "vendor_name": "PHP Group"}]}}, "configuration": [{"lang": "en", "value": "phar extension must be enabled"}], "credit": [{"lang": "eng", "value": "grigoritchy at gmail dot com"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-416 Use After Free"}]}]}, "references": {"reference_data": [{"name": "https://bugs.php.net/bug.php?id=79797", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=79797"}, {"name": "GLSA-202009-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202009-10"}, {"name": "https://security.netapp.com/advisory/ntap-20200918-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200918-0005/"}, {"name": "DSA-4856", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4856"}, {"name": "https://www.tenable.com/security/tns-2021-14", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-14"}]}, "source": {"defect": ["https://bugs.php.net/bug.php?id=79797"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "cveId": "CVE-2020-7068", "datePublished": "2020-08-03T00:00:00", "dateReserved": "2020-01-15T00:00:00", "dateUpdated": "2021-07-22T17:07:33", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "822158CB-39AD-45A2-8846-64B9DA6D7D6D", "versionEndExcluding": "7.2.33", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "9638ADE3-FBBA-4F05-B115-38E19926C73B", "versionEndExcluding": "7.3.21", "versionStartIncluding": "7.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "548DD627-7597-4A9B-8C3B-6A40B737639B", "versionEndExcluding": "7.4.9", "versionStartIncluding": "7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "matchCriteriaId": "41DBA7C7-8084-45F6-B59D-13A9022C34DF", "versionEndExcluding": "5.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure."}, {"lang": "es", "value": "En PHP versiones 7.2.x por debajo de 7.2.33, 7.3.x por debajo de 7.3.21 y 7.4.x por debajo de 7.4.9, mientras se procesan archivos PHAR con la extensi\u00f3n phar, la funci\u00f3n phar_parse_zipfile podr\u00eda ser enga\u00f1ada para que acceda a la memoria liberada, lo que podr\u00eda conllevar a un bloqueo o una divulgaci\u00f3n de informaci\u00f3n"}], "id": "CVE-2020-7068", "lastModified": "2022-07-01T12:18:14.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "security@php.net", "type": "Secondary"}]}, "published": "2020-09-09T18:15:23.400", "references": [{"source": "security@php.net", "tags": ["Exploit", "Mailing List", "Patch", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=79797"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202009-10"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200918-0005/"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4856"}, {"source": "security@php.net", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-14"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "security@php.net", "type": "Secondary"}]}