CVE-2020-7068 : In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, wh

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

Published 2020-09-09 18:15:23

Updated 2022-07-01 12:18:14

Source PHP Group

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2020-7068

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
PHP » PHP
Versions from including (>=) 7.4.0 and before (<) 7.4.9
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Matching versions
PHP » PHP
Versions from including (>=) 7.2.0 and before (<) 7.2.33
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Matching versions
PHP » PHP
Versions from including (>=) 7.3.0 and before (<) 7.3.21
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Matching versions
Tenable » Tenable.sc
Versions before (<) 5.19.0
cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2020-7068

Top countries where our scanners detected CVE-2020-7068

Top open port discovered on systems with this issue 80

IPs affected by CVE-2020-7068 321,715

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2020-7068!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2020-7068

EPSS FAQ

1.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-7068

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:L/AC:M/Au:N/C:P/I:N/A:P	3.4	4.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
3.6	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L	1.0	2.5	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: Low
4.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L	2.2	2.5	PHP Group
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: Low

CWE ids for CVE-2020-7068

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Assigned by:
- nvd@nist.gov (Primary)
- security@php.net (Secondary)

References for CVE-2020-7068

https://www.debian.org/security/2021/dsa-4856

Debian -- Security Information -- DSA-4856-1 php7.3
Third Party Advisory

CVEs referencing this url
https://www.tenable.com/security/tns-2021-14

[R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®
Patch;Third Party Advisory

CVEs referencing this url
https://bugs.php.net/bug.php?id=79797

PHP :: Sec Bug #79797 :: Use of freed hash key in the phar_parse_zipfile function
Exploit;Mailing List;Patch;Vendor Advisory
https://security.netapp.com/advisory/ntap-20200918-0005/

CVE-2020-7068 PHP Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://security.gentoo.org/glsa/202009-10

PHP: Denial of service (GLSA 202009-10) — Gentoo security
Third Party Advisory