Vulnerability CVE-2020-7069: Information

Description

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-7069

Published: Oct. 2, 2020

Modified: Nov. 7, 2023

Error type identifier: CWE-326

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
php7	p10	7.4.11-alt1	7.4.33-alt1	ALT-PU-2020-2960-1	259376	Fixed
php7	p9	7.3.23-alt1	7.3.33-alt1	ALT-PU-2020-3009-1	259362	Fixed
php7	p8	7.2.34-alt1	7.2.34-alt1	ALT-PU-2020-3039-1	259367	Fixed
php7	c10f1	7.4.11-alt1	7.4.33-alt1	ALT-PU-2020-2960-1	259376	Fixed
php7	c9f2	7.3.31-alt1	7.4.33-alt1	ALT-PU-2021-3079-1	287613	Fixed
php7-curl	p8	7.2.34-alt1	7.2.34-alt1	ALT-PU-2020-3040-1	259367	Fixed
php7-gd	p8	7.2.34-alt1.1	7.2.34-alt1.1	ALT-PU-2020-3041-1	259367	Fixed
php7-intl	p8	7.2.34-alt1	7.2.34-alt1	ALT-PU-2020-3047-1	259367	Fixed
php7-opcache	p8	7.2.34-alt1.1	7.2.34-alt1.1	ALT-PU-2020-3048-1	259367	Fixed
php7-openssl	p8	7.2.34-alt1.1	7.2.34-alt1.1	ALT-PU-2020-3042-1	259367	Fixed
php7-pdo_mysql	p8	7.2.34-alt1	7.2.34-alt1	ALT-PU-2020-3043-1	259367	Fixed
php7-pgsql	p8	7.2.34-alt1.2	7.2.34-alt1.2	ALT-PU-2020-3044-1	259367	Fixed
php7-tidy	p8	7.2.34-alt1	7.2.34-alt1	ALT-PU-2020-3050-1	259367	Fixed
php7-xmlrpc	p8	7.2.34-alt1	7.2.34-alt1	ALT-PU-2020-3049-1	259367	Fixed
php7-xsl	p8	7.2.34-alt1	7.2.34-alt1	ALT-PU-2020-3046-1	259367	Fixed
php7-zip	p8	7.2.34-alt1.1	7.2.34-alt1.1	ALT-PU-2020-3045-1	259367	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugs.php.net/bug.php?id=79601	Issue Tracking Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20201016-0001/	Third Party Advisory
openSUSE-SU-2020:1703	Mailing List Third Party Advisory
USN-4583-1	Third Party Advisory
openSUSE-SU-2020:1767	Mailing List Third Party Advisory
GLSA-202012-16	Third Party Advisory
DSA-4856	Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.tenable.com/security/tns-2021-14	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
FEDORA-2020-4573f0e03a
FEDORA-2020-4fe6b116e5
FEDORA-2020-94763cb98b

Affected configurations:
1. Configuration 1
  cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
  Start including
  7.4.0
  End excliding
  7.4.11
  cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
  Start including
  7.3.0
  End excliding
  7.3.23
  cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
  Start including
  7.2.0
  End excliding
  7.2.34
  
  Configuration 2
  cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
  
  Configuration 6
  cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
  
  Configuration 7
  cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
  Start including
  8.0.0
  End including
  8.5.0
  
  Configuration 8
  cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
  End excliding
  5.19.0

Version: v24.4.2

Vulnerability CVE-2020-7069: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8