CVE-2020-7067

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

16 May 2022, 19:57

Type Values Removed Values Added
References
  • (CONFIRM) https://www.tenable.com/security/tns-2021-14 - Patch, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2020/dsa-4717 - (DEBIAN) https://www.debian.org/security/2020/dsa-4717 - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Not Applicable, Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2020/dsa-4719 - (DEBIAN) https://www.debian.org/security/2020/dsa-4719 - Third Party Advisory
CPE cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
First Time Tenable tenable.sc
Tenable
Debian
Debian debian Linux
Oracle
Oracle communications Diameter Signaling Router

14 Jun 2021, 18:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -

Information

Published : 2020-04-27 21:15

Updated : 2023-12-10 13:27


NVD link : CVE-2020-7067

Mitre link : CVE-2020-7067

CVE.ORG link : CVE-2020-7067


JSON object : View

Products Affected

oracle

  • communications_diameter_signaling_router

debian

  • debian_linux

tenable

  • tenable.sc

php

  • php
CWE
CWE-125

Out-of-bounds Read

CWE-196

Unsigned to Signed Conversion Error