php is vulnerable to information disclosure. The vulnerability exists as the DirectoryIterator
class accepts filenames with embedded \0
byte and treats them as terminating at that byte.
CPE | Name | Operator | Version |
---|---|---|---|
rh-php73-php | eq | 7.3.11__1.el7 |
lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html
access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.6_release_notes/
access.redhat.com/errata/RHSA-2020:5275
access.redhat.com/security/updates/classification/#moderate
bugs.php.net/bug.php?id=78863
lists.debian.org/debian-lts-announce/2019/12/msg00034.html
lists.fedoraproject.org/archives/list/[email protected]/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/
lists.fedoraproject.org/archives/list/[email protected]/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/
seclists.org/bugtraq/2020/Feb/27
seclists.org/bugtraq/2020/Feb/31
seclists.org/bugtraq/2021/Jan/3
security.netapp.com/advisory/ntap-20200103-0002/
usn.ubuntu.com/4239-1/
www.debian.org/security/2020/dsa-4626
www.debian.org/security/2020/dsa-4628