CVE-2020-7066

2020-04-0100:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below
7.4.4, while using get_headers() with user-supplied URL, if the URL
contains zero (\0) character, the URL will be silently truncated at it.
This may cause some software to make incorrect assumptions about the target
of the get_headers() and possibly send some information to a wrong server.

Bugs

<https://bugs.php.net/bug.php?id=79329>

Notes

Author	Note
sbeattie	PEAR issues should go against php-pear as of xenial
leosilva	php5 in precise is 5.3 and does not support the Zend API needed to fix this issue. Since backport this is to intrusive, marking it as ignored for precise/esm.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchphp5< 5.5.9+dfsg-1ubuntu4.29+esm11UNKNOWN
ubuntu16.04noarchphp7.0< 7.0.33-0ubuntu0.16.04.14UNKNOWN
ubuntu18.04noarchphp7.2< 7.2.24-0ubuntu0.18.04.4UNKNOWN
ubuntu19.10noarchphp7.3< 7.3.11-0ubuntu0.19.10.4UNKNOWN
ubuntu20.04noarchphp7.4< 7.4.3-4ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	php5	< 5.5.9+dfsg-1ubuntu4.29+esm11	UNKNOWN
ubuntu	16.04	noarch	php7.0	< 7.0.33-0ubuntu0.16.04.14	UNKNOWN
ubuntu	18.04	noarch	php7.2	< 7.2.24-0ubuntu0.18.04.4	UNKNOWN
ubuntu	19.10	noarch	php7.3	< 7.3.11-0ubuntu0.19.10.4	UNKNOWN
ubuntu	20.04	noarch	php7.4	< 7.4.3-4ubuntu1.1	UNKNOWN