Vulnerability CVE-2020-7059: Information

Description

When the fgetss() function is used to read data while stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2, it is possible to supply data that will cause the function to read past the allocated buffer. This may lead to information disclosure or a crash.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Published: Feb. 10, 2020
Modified: July 1, 2022
Error type identifier: CWE-125

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| php7 | p10 | 7.3.14-alt1 | 7.4.33-alt1 | ALT-PU-2020-1149-1 | 245591 | Fixed |
| php7 | p9 | 7.3.14-alt1 | 7.3.33-alt1 | ALT-PU-2020-1206-1 | 245592 | Fixed |
| php7 | p8 | 7.2.27-alt1 | 7.2.34-alt1 | ALT-PU-2020-1226-1 | 245613 | Fixed |
| php7 | c10f1 | 7.3.14-alt1 | 7.4.33-alt1 | ALT-PU-2020-1149-1 | 245591 | Fixed |
| php7 | c9f2 | 7.3.14-alt1 | 7.4.33-alt1 | ALT-PU-2020-1206-1 | 245592 | Fixed |
| php7-curl | p8 | 7.2.27-alt1 | 7.2.34-alt1 | ALT-PU-2020-1227-1 | 245613 | Fixed |
| php7-intl | p8 | 7.2.27-alt1 | 7.2.34-alt1 | ALT-PU-2020-1233-1 | 245613 | Fixed |
| php7-opcache | p8 | 7.2.27-alt1.1 | 7.2.34-alt1.1 | ALT-PU-2020-1234-1 | 245613 | Fixed |
| php7-openssl | p8 | 7.2.27-alt1.1 | 7.2.34-alt1.1 | ALT-PU-2020-1228-1 | 245613 | Fixed |
| php7-pdo_mysql | p8 | 7.2.27-alt1 | 7.2.34-alt1 | ALT-PU-2020-1229-1 | 245613 | Fixed |
| php7-pgsql | p8 | 7.2.27-alt1.2 | 7.2.34-alt1.2 | ALT-PU-2020-1230-1 | 245613 | Fixed |
| php7-tidy | p8 | 7.2.27-alt1 | 7.2.34-alt1 | ALT-PU-2020-1236-1 | 245613 | Fixed |
| php7-xmlrpc | p8 | 7.2.27-alt1 | 7.2.34-alt1 | ALT-PU-2020-1235-1 | 245613 | Fixed |
| php7-xsl | p8 | 7.2.27-alt1 | 7.2.34-alt1 | ALT-PU-2020-1232-1 | 245613 | Fixed |
| php7-zip | p8 | 7.2.27-alt1.1 | 7.2.34-alt1.1 | ALT-PU-2020-1231-1 | 245613 | Fixed |

References to Advisories, Solutions, and Tools

      Configuration 1

      cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
      Start including: 7.4.0
      End excluding: 7.4.2

      cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
      Start including: 7.2.0
      End excluding: 7.2.27

      cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
      Start including: 7.3.0
      End excluding: 7.3.14

      Configuration 2

      cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
      End excluding: 5.19.0

      Configuration 3

      cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
      Start including: 8.0
      End including: 8.4

      Configuration 4

      cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*