In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

References

bugzilla.redhat.com/show_bug.cgi?id=1868109

nvd.nist.gov/vuln/detail/CVE-2020-7068

www.cve.org/CVERecord?id=CVE-2020-7068

nessus 40

hackerone 1

alpinelinux 1

openvas 21

ibm 1

suse 2

altlinux 2

nvd 1

cvelist 1

osv 8

prion 1

freebsd 1

cve 1

fedora 2

gentoo 1

debian 2

ubuntucve 1

veracode 1

amazon 1

debiancve 1

redhat 2

rocky 1

ubuntu 2

oraclelinux 1

almalinux 1

nessus

Debian DLA-2345-1 : php7.0 security update

2020-08-27 00:00:00

openSUSE Security Update : php7 (openSUSE-2020-1356)

2020-09-08 00:00:00

Fedora 31 : php (2020-8e36afc743)

2020-08-19 00:00:00

hackerone

Internet Bug Bounty: Use after free vulnerability in phar_parse_zipfile

2020-08-03 15:54:17

alpinelinux

CVE-2020-7068

2020-09-09 18:15:23

openvas

SUSE: Security Advisory (SUSE-SU-2020:2456-1)

2021-06-09 00:00:00

PHP < 7.2.33, 7.3 < 7.3.21, 7.4 < 7.4.9 DoS Vulnerability (Aug 2020) - Windows

2020-08-07 00:00:00

openSUSE: Security Advisory for php7 (openSUSE-SU-2020:1354-1)

2020-09-08 00:00:00

ibm

Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via PHP (CVE-2020-7068)

2021-01-04 22:04:18

suse

Security update for php7 (moderate)

2020-09-07 00:00:00

Security update for php7 (moderate)

2020-09-07 00:00:00

altlinux

Security fix for the ALT Linux 8 package php7 version 7.2.33-alt1

2020-08-12 00:00:00

Security fix for the ALT Linux 9 package php7 version 7.3.21-alt1

2020-08-11 00:00:00

nvd

CVE-2020-7068

2020-09-09 18:15:23

cvelist

CVE-2020-7068 Use of freed hash key in the phar_parse_zipfile function

2020-08-03 00:00:00

osv

BIT-php-2020-7068

2024-03-06 11:06:18

CVE-2020-7068

2020-09-09 18:15:23

php7.0 - security update

2020-08-26 00:00:00

prion

Information disclosure

2020-09-09 18:15:00

freebsd

php72 -- use of freed hash key

2020-07-06 00:00:00

cve

CVE-2020-7068

2020-09-09 18:15:23

fedora

[SECURITY] Fedora 32 Update: php-7.4.9-1.fc32

2020-08-19 00:52:00

[SECURITY] Fedora 31 Update: php-7.3.21-1.fc31

2020-08-19 01:01:59

gentoo

PHP: Denial of service

2020-09-13 00:00:00

debian

[SECURITY] [DLA 2345-1] php7.0 security update

2020-08-26 10:48:56

[SECURITY] [DSA 4856-1] php7.3 security update

2021-02-17 22:08:33

ubuntucve

CVE-2020-7068

2020-09-09 00:00:00

veracode

Information Disclosure

2020-09-07 02:54:20

amazon

Low: php72, php73

2020-08-26 23:09:00

debiancve

CVE-2020-7068

2020-09-09 18:15:23

redhat

(RHSA-2021:4213) Moderate: php:7.4 security, bug fix, and enhancement update

2021-11-09 08:42:20

(RHSA-2021:2992) Moderate: rh-php73-php security, bug fix, and enhancement update

2021-08-03 08:11:09

rocky

php:7.4 security, bug fix, and enhancement update

2021-11-09 08:42:20

ubuntu

PHP vulnerabilities

2021-07-07 00:00:00

PHP vulnerabilities

2021-07-13 00:00:00

oraclelinux

php:7.4 security, bug fix, and enhancement update

2021-11-16 00:00:00

almalinux

Moderate: php:7.4 security, bug fix, and enhancement update

2021-11-09 08:42:20

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.001 Low

EPSS

Percentile

25.1%

JSON

Related for RH:CVE-2020-7068