Published: 27/02/2020 Updated: 16/05/2022

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php
tenable tenable.sc

In PHP versions 73x below 7315 and 74x below 743, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer This could potentially lead to information disclosure or crash (CVE-2020-7061) In PHP versions 72x below 7228, 73x below 7315 and 74 ...

Tenablesc leverages third-party software to help provide underlying functionality Multiple third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of the ...

CWE-125 https://bugs.php.net/bug.php?id=79171 https://security.gentoo.org/glsa/202003-57 https://www.tenable.com/security/tns-2021-14 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2020-1351.html

CVE-2020-7061

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect