Lucene search

K
cvelistPhpCVELIST:CVE-2020-7059
HistoryJan 21, 2020 - 12:00 a.m.

CVE-2020-7059 OOB read in php_strip_tags_ex

2020-01-2100:00:00
CWE-125
php
www.cve.org
1

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.1%

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

CNA Affected

[
  {
    "product": "PHP",
    "vendor": "PHP Group",
    "versions": [
      {
        "lessThan": "7.2.27",
        "status": "affected",
        "version": "7.2.x",
        "versionType": "custom"
      },
      {
        "lessThan": "7.3.14",
        "status": "affected",
        "version": "7.3.x",
        "versionType": "custom"
      },
      {
        "lessThan": "7.4.2",
        "status": "affected",
        "version": "7.4.x",
        "versionType": "custom"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.1%