CVE-2020-7067

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

Published: Apr 27, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-7067
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
php / php	7.4.0	7.4.5
php / php	7.3.0	7.3.17
php / php	7.2.0	7.2.30
tenable / tenable.sc	-	5.19.0
oracle / communications_diameter_signaling_router	8.0.0.0	8.4.0.5.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x

https://bugs.php.net/bug.php?id=79465
https://security.netapp.com/advisory/ntap-20200504-0001/
https://www.debian.org/security/2020/dsa-4717
https://www.debian.org/security/2020/dsa-4719
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.tenable.com/security/tns-2021-14

Vulnerability Database

289,599

CVE-2020-7067