CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
References
Link Resource
https://bugs.php.net/bug.php?id=79171 Exploit Vendor Advisory
https://security.gentoo.org/glsa/202003-57 Third Party Advisory
https://www.tenable.com/security/tns-2021-14 Patch Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*

History

16 May 2022, 19:42

Type Values Removed Values Added
References
  • (CONFIRM) https://www.tenable.com/security/tns-2021-14 - Patch, Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202003-57 - (GENTOO) https://security.gentoo.org/glsa/202003-57 - Third Party Advisory
CPE cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
First Time Tenable tenable.sc
Tenable

Information

Published : 2020-02-27 21:15

Updated : 2023-12-10 13:13


NVD link : CVE-2020-7061

Mitre link : CVE-2020-7061

CVE.ORG link : CVE-2020-7061


JSON object : View

Products Affected

microsoft

  • windows

tenable

  • tenable.sc

php

  • php
CWE
CWE-125

Out-of-bounds Read