Amazon: ALAS-2020-1425
Aug 26, 2020 - 11:09 p.m.

Low: php72, php73

2020-08-26 23:09:00
alas.aws.amazon.com

CVSS3: 3.6 Low
    Attack Vector: LOCAL
    Attack Complexity: HIGH
    Privileges Required: LOW
    User Interaction: NONE
    Scope: UNCHANGED
    Confidentiality Impact: LOW
    Integrity Impact: NONE
    Availability Impact: LOW
    Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L

CVSS2: 3.3 Low
    Access Vector: LOCAL
    Access Complexity: MEDIUM
    Authentication: NONE
    Confidentiality Impact: PARTIAL
    Integrity Impact: NONE
    Availability Impact: PARTIAL
    Vector: AV:L/AC:M/Au:N/C:P/I:N/A:P

EPSS: 0.001 Low
    Percentile: 23.9%

Issue Overview:

The flaw is in phar_parse_zipfile() of ext/phar/zip.c. When processing a PHP archive file (phar), if a persistent entry is used as defined in php.ini, then the memory pointed to by the actual_alias pointer is freed. Directly after the free, the actual_alias pointer is passed to zend_hash_str_add_ptr, where it is dereferenced. Prior to the function call, the memory pointed to by actual_alias is duplicated and the copy is assigned to the mydata->alias pointer. The patch simply uses the unfreed mydata->alias pointer as an argument to the zend_hash_add_str() call rather than the freed memory pointed to by actual_alias.

To trigger this flaw, an attacker needs to place a specially crafted file on the server’s filesystem and then load it with PHP. The attacker also needs a setting to be present in PHP’s configuration file. Due to this, the attack complexity is high as an attacker would need to find other flaws or already have admin access to the server machine to do this. (CVE-2020-7068)
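
The ordering problem described in the overview, modelled in C as an added example (it is not PHP's source and not part of the advisory). Only actual_alias and mydata->alias are names from the advisory; phar_data, alias_map, model_efree, map_add, map_find, register_alias and alias_resolves are hypothetical stand-ins, and the free is modelled as a poison fill so the stale read is deterministic rather than undefined behaviour.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model; every name except actual_alias and mydata->alias is hypothetical. */
typedef struct { char *alias; size_t alias_len; } phar_data;
typedef struct { char key[32]; size_t len; phar_data *val; } alias_map; /* one-slot map */

/* Model of the free: overwrite the buffer so a later read is visible and
 * deterministic. A real allocator may hand the block to another caller. */
static void model_efree(char *p, size_t len) { memset(p, 0x5A, len); }

/* Model of the hash insert: it dereferences `key` in order to copy it. */
static void map_add(alias_map *m, const char *key, size_t len, phar_data *v) {
    memcpy(m->key, key, len); m->len = len; m->val = v;
}

static phar_data *map_find(const alias_map *m, const char *key, size_t len) {
    return (m->len == len && memcmp(m->key, key, len) == 0) ? m->val : NULL;
}

/* Persistent-entry path; `fixed` selects the argument the patch passes. */
static void register_alias(alias_map *m, phar_data *mydata,
                           char *actual_alias, size_t len, int fixed) {
    mydata->alias = malloc(len);            /* persistent copy, made first */
    if (!mydata->alias) abort();
    memcpy(mydata->alias, actual_alias, len);
    mydata->alias_len = len;
    model_efree(actual_alias, len);         /* original buffer released */
    map_add(m, fixed ? mydata->alias : actual_alias, len, mydata);
}

/* Returns 1 if the alias can be looked up after registration, else 0. */
int alias_resolves(int fixed) {
    char request_buf[] = "demo.phar";       /* constructed sample alias */
    size_t len = strlen(request_buf);
    alias_map m = {{0}, 0, NULL};
    phar_data d = {NULL, 0};
    register_alias(&m, &d, request_buf, len, fixed);
    int ok = map_find(&m, "demo.phar", len) == &d;
    free(d.alias);
    return ok;
}

int main(void) {
    /* Unpatched order stores a key read from released memory; patched order does not. */
    return (alias_resolves(0) == 0 && alias_resolves(1) == 1) ? 0 : 1;
}
```
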

Affected Packages:

php72, php73

Issue Correction:
Run yum update php72 to update your system.
Run yum update php73 to update your system.

New Packages:

i686:  
    php72-pgsql-7.2.33-1.25.amzn1.i686  
    php72-gd-7.2.33-1.25.amzn1.i686  
    php72-bcmath-7.2.33-1.25.amzn1.i686  
    php72-debuginfo-7.2.33-1.25.amzn1.i686  
    php72-recode-7.2.33-1.25.amzn1.i686  
    php72-pdo-dblib-7.2.33-1.25.amzn1.i686  
    php72-fpm-7.2.33-1.25.amzn1.i686  
    php72-process-7.2.33-1.25.amzn1.i686  
    php72-snmp-7.2.33-1.25.amzn1.i686  
    php72-tidy-7.2.33-1.25.amzn1.i686  
    php72-7.2.33-1.25.amzn1.i686  
    php72-gmp-7.2.33-1.25.amzn1.i686  
    php72-imap-7.2.33-1.25.amzn1.i686  
    php72-json-7.2.33-1.25.amzn1.i686  
    php72-mysqlnd-7.2.33-1.25.amzn1.i686  
    php72-intl-7.2.33-1.25.amzn1.i686  
    php72-devel-7.2.33-1.25.amzn1.i686  
    php72-odbc-7.2.33-1.25.amzn1.i686  
    php72-ldap-7.2.33-1.25.amzn1.i686  
    php72-dba-7.2.33-1.25.amzn1.i686  
    php72-opcache-7.2.33-1.25.amzn1.i686  
    php72-pspell-7.2.33-1.25.amzn1.i686  
    php72-embedded-7.2.33-1.25.amzn1.i686  
    php72-soap-7.2.33-1.25.amzn1.i686  
    php72-mbstring-7.2.33-1.25.amzn1.i686  
    php72-xml-7.2.33-1.25.amzn1.i686  
    php72-cli-7.2.33-1.25.amzn1.i686  
    php72-dbg-7.2.33-1.25.amzn1.i686  
    php72-xmlrpc-7.2.33-1.25.amzn1.i686  
    php72-enchant-7.2.33-1.25.amzn1.i686  
    php72-pdo-7.2.33-1.25.amzn1.i686  
    php72-common-7.2.33-1.25.amzn1.i686  
    php73-devel-7.3.21-1.28.amzn1.i686  
    php73-odbc-7.3.21-1.28.amzn1.i686  
    php73-dbg-7.3.21-1.28.amzn1.i686  
    php73-mbstring-7.3.21-1.28.amzn1.i686  
    php73-bcmath-7.3.21-1.28.amzn1.i686  
    php73-imap-7.3.21-1.28.amzn1.i686  
    php73-enchant-7.3.21-1.28.amzn1.i686  
    php73-pgsql-7.3.21-1.28.amzn1.i686  
    php73-common-7.3.21-1.28.amzn1.i686  
    php73-pspell-7.3.21-1.28.amzn1.i686  
    php73-xmlrpc-7.3.21-1.28.amzn1.i686  
    php73-snmp-7.3.21-1.28.amzn1.i686  
    php73-7.3.21-1.28.amzn1.i686  
    php73-process-7.3.21-1.28.amzn1.i686  
    php73-opcache-7.3.21-1.28.amzn1.i686  
    php73-intl-7.3.21-1.28.amzn1.i686  
    php73-fpm-7.3.21-1.28.amzn1.i686  
    php73-mysqlnd-7.3.21-1.28.amzn1.i686  
    php73-tidy-7.3.21-1.28.amzn1.i686  
    php73-pdo-7.3.21-1.28.amzn1.i686  
    php73-cli-7.3.21-1.28.amzn1.i686  
    php73-json-7.3.21-1.28.amzn1.i686  
    php73-gd-7.3.21-1.28.amzn1.i686  
    php73-dba-7.3.21-1.28.amzn1.i686  
    php73-pdo-dblib-7.3.21-1.28.amzn1.i686  
    php73-debuginfo-7.3.21-1.28.amzn1.i686  
    php73-gmp-7.3.21-1.28.amzn1.i686  
    php73-ldap-7.3.21-1.28.amzn1.i686  
    php73-soap-7.3.21-1.28.amzn1.i686  
    php73-embedded-7.3.21-1.28.amzn1.i686  
    php73-xml-7.3.21-1.28.amzn1.i686  
    php73-recode-7.3.21-1.28.amzn1.i686  
  
src:  
    php72-7.2.33-1.25.amzn1.src  
    php73-7.3.21-1.28.amzn1.src  
  
x86_64:  
    php72-ldap-7.2.33-1.25.amzn1.x86_64  
    php72-gd-7.2.33-1.25.amzn1.x86_64  
    php72-cli-7.2.33-1.25.amzn1.x86_64  
    php72-dbg-7.2.33-1.25.amzn1.x86_64  
    php72-pdo-dblib-7.2.33-1.25.amzn1.x86_64  
    php72-mysqlnd-7.2.33-1.25.amzn1.x86_64  
    php72-xmlrpc-7.2.33-1.25.amzn1.x86_64  
    php72-opcache-7.2.33-1.25.amzn1.x86_64  
    php72-json-7.2.33-1.25.amzn1.x86_64  
    php72-process-7.2.33-1.25.amzn1.x86_64  
    php72-mbstring-7.2.33-1.25.amzn1.x86_64  
    php72-recode-7.2.33-1.25.amzn1.x86_64  
    php72-bcmath-7.2.33-1.25.amzn1.x86_64  
    php72-snmp-7.2.33-1.25.amzn1.x86_64  
    php72-dba-7.2.33-1.25.amzn1.x86_64  
    php72-odbc-7.2.33-1.25.amzn1.x86_64  
    php72-common-7.2.33-1.25.amzn1.x86_64  
    php72-gmp-7.2.33-1.25.amzn1.x86_64  
    php72-7.2.33-1.25.amzn1.x86_64  
    php72-embedded-7.2.33-1.25.amzn1.x86_64  
    php72-devel-7.2.33-1.25.amzn1.x86_64  
    php72-xml-7.2.33-1.25.amzn1.x86_64  
    php72-tidy-7.2.33-1.25.amzn1.x86_64  
    php72-pdo-7.2.33-1.25.amzn1.x86_64  
    php72-soap-7.2.33-1.25.amzn1.x86_64  
    php72-imap-7.2.33-1.25.amzn1.x86_64  
    php72-debuginfo-7.2.33-1.25.amzn1.x86_64  
    php72-pgsql-7.2.33-1.25.amzn1.x86_64  
    php72-pspell-7.2.33-1.25.amzn1.x86_64  
    php72-fpm-7.2.33-1.25.amzn1.x86_64  
    php72-enchant-7.2.33-1.25.amzn1.x86_64  
    php72-intl-7.2.33-1.25.amzn1.x86_64  
    php73-process-7.3.21-1.28.amzn1.x86_64  
    php73-cli-7.3.21-1.28.amzn1.x86_64  
    php73-fpm-7.3.21-1.28.amzn1.x86_64  
    php73-mbstring-7.3.21-1.28.amzn1.x86_64  
    php73-pspell-7.3.21-1.28.amzn1.x86_64  
    php73-json-7.3.21-1.28.amzn1.x86_64  
    php73-enchant-7.3.21-1.28.amzn1.x86_64  
    php73-mysqlnd-7.3.21-1.28.amzn1.x86_64  
    php73-opcache-7.3.21-1.28.amzn1.x86_64  
    php73-7.3.21-1.28.amzn1.x86_64  
    php73-common-7.3.21-1.28.amzn1.x86_64  
    php73-soap-7.3.21-1.28.amzn1.x86_64  
    php73-xmlrpc-7.3.21-1.28.amzn1.x86_64  
    php73-intl-7.3.21-1.28.amzn1.x86_64  
    php73-debuginfo-7.3.21-1.28.amzn1.x86_64  
    php73-dbg-7.3.21-1.28.amzn1.x86_64  
    php73-pgsql-7.3.21-1.28.amzn1.x86_64  
    php73-dba-7.3.21-1.28.amzn1.x86_64  
    php73-embedded-7.3.21-1.28.amzn1.x86_64  
    php73-odbc-7.3.21-1.28.amzn1.x86_64  
    php73-tidy-7.3.21-1.28.amzn1.x86_64  
    php73-ldap-7.3.21-1.28.amzn1.x86_64  
    php73-pdo-dblib-7.3.21-1.28.amzn1.x86_64  
    php73-pdo-7.3.21-1.28.amzn1.x86_64  
    php73-xml-7.3.21-1.28.amzn1.x86_64  
    php73-devel-7.3.21-1.28.amzn1.x86_64  
    php73-bcmath-7.3.21-1.28.amzn1.x86_64  
    php73-gd-7.3.21-1.28.amzn1.x86_64  
    php73-snmp-7.3.21-1.28.amzn1.x86_64  
    php73-gmp-7.3.21-1.28.amzn1.x86_64  
    php73-recode-7.3.21-1.28.amzn1.x86_64  
    php73-imap-7.3.21-1.28.amzn1.x86_64  

Additional References

Red Hat: CVE-2020-7068

Mitre: CVE-2020-7068
