0.001 Low
EPSS
Percentile
25.1%
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
bugzilla.redhat.com/show_bug.cgi?id=1868109
nvd.nist.gov/vuln/detail/CVE-2020-7068
www.cve.org/CVERecord?id=CVE-2020-7068