Lucene search
Veracode Vulnerability DatabaseVERACODE:26199HistoryAug 06, 2020 - 9:35 p.m.
Denial Of Service (DoS)
2020-08-0621:35:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
0.007 Low
EPSS
Percentile
80.8%
PHP is vulnerable to denial of service (DoS). When using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php7 | eq | 7.2.27-r0 | |
| rh-php73-php | eq | 7.3.11__1.el7 | |
| php7 | eq | 7.2.27-r0 | |
| rh-php73-php | eq | 7.3.11__1.el7 |
References
lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html
bugs.php.net/bug.php?id=79221
lists.debian.org/debian-lts-announce/2020/03/msg00034.html
security.gentoo.org/glsa/202003-57
usn.ubuntu.com/4330-1/
www.debian.org/security/2020/dsa-4717
www.debian.org/security/2020/dsa-4719
www.tenable.com/security/tns-2021-14
Related
osv
osv
BIT-php-2020-7062
2024-03-06 11:07:23
CVE-2020-7062
2020-02-27 21:15:19
php5 - security update
2020-03-26 00:00:00
redhatcve
redhatcve
CVE-2020-7062
2020-02-28 18:40:50
prion
prion
Null pointer dereference
2020-02-27 21:15:00
debiancve
debiancve
CVE-2020-7062
2020-02-27 21:15:19
ubuntucve
ubuntucve
CVE-2020-7062
2020-02-27 00:00:00
cvelist
cvelist
CVE-2020-7062 Null Pointer Dereference in PHP Session Upload Progress
2020-02-17 00:00:00
cve
cve
CVE-2020-7062
2020-02-27 21:15:19
alpinelinux
alpinelinux
CVE-2020-7062
2020-02-27 21:15:19
nvd
nvd
CVE-2020-7062
2020-02-27 21:15:19
f5
f5
K21121402 : PHP vulnerability CVE-2020-7062
2020-03-11 00:00:00
nessus
nessus
SUSE SLES12 Security Update : php72 (SUSE-SU-2020:0647-1)
2020-03-12 00:00:00
SUSE SLES12 Security Update : php5 (SUSE-SU-2020:0658-1)
2020-03-13 00:00:00
Debian DLA-2160-1 : php5 security update
2020-03-27 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2160-1)
2020-03-27 00:00:00
PHP < 7.2.28 Multiple Vulnerabilities (Feb 2020) - Windows
2020-02-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0647-1)
2021-06-09 00:00:00
debian
debian
[SECURITY] [DLA 2160-1] php5 security update
2020-03-26 21:25:08
[SECURITY] [DSA 4717-1] php7.0 security update
2020-07-05 14:35:07
[SECURITY] [DSA 4717-1] php7.0 security update
2020-07-05 14:35:07
altlinux
altlinux
Security fix for the ALT Linux 8 package php7 version 7.2.28-alt1
2020-02-25 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 7.3.15-alt1
2020-02-20 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 7.3.15-alt1
2020-02-20 00:00:00
amazon
amazon
Medium: php72
2020-03-09 19:20:00
Medium: php73
2020-03-09 19:20:00
ibm
ibm
fedora
fedora
[SECURITY] Fedora 30 Update: php-7.3.15-1.fc30
2020-02-27 16:46:03
[SECURITY] Fedora 31 Update: php-7.3.15-1.fc31
2020-02-27 17:33:13
mageia
mageia
Updated php packages fix bugs and security vulnerabilities
2020-03-06 19:13:58
suse
suse
Security update for php7 (important)
2020-03-15 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2020-04-15 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2020-03-26 00:00:00
redhat
redhat
almalinux
almalinux
Moderate: php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
rocky
rocky
php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
oraclelinux
oraclelinux
php:7.3 security, bug fix, and enhancement update
2020-09-09 00:00:00