
30 matches found

Cvelist
added 2020/04/01 3:35 a.m. | 24 views

CVE-2020-7066 get_headers() silently truncates after a null byte

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

CVSS 5.3 | AI score 6.8 | EPSS 0.02189
Exploits: 1 | References: 8
Debian CVE
added 2020/04/01 3:35 a.m. | 37 views

CVE-2020-7066

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

CVSS 5.3 | AI score 6.3 | EPSS 0.02189
Exploits: 1
AlpineLinux
added 2020/04/01 3:35 a.m. | 35 views

CVE-2020-7066

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

CVSS 5.3 | AI score 6.8 | EPSS 0.02189
Exploits: 1
CVE
added 2020/04/01 3:35 a.m. | 734 views

CVE-2020-7066

CVE-2020-7066 (PHP) : get_headers() with a user-supplied URL can truncate at a NULL byte, causing target confusion and possible data leakage to a wrong server. Affected: PHP 7.2.x < 7.2.29, 7.3.x < 7.3.16, 7.4.x

CVSS 5.3 | AI score 6.5 | EPSS 0.02189
Exploits: 1 | References: 8 | Affected Software: 1
Mageia
added 2020/04/01 1:56 a.m. | 58 views

Updated php packages fix security vulnerability

Critical bugs closed: - Use-of-uninitialized-value in exif 1 - mb_strtolower UTF-32LE: stack-buffer-overflow at php_unicode_tolower_full 2 - get_headers silently truncates after a null byte 3 Some more bugs closed, as: - Memory corruption in preg_replace/preg_replace_callback and unicode -...

CVSS 8.8 | AI score 2.6 | EPSS 0.04994
Exploits: 3 | References: 2
Tenable Nessus
added 2020/03/27 12:0 a.m. | 230 views

PHP 7.2.x < 7.2.29 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.29. It is, therefore, affected by multiple vulnerabilities: - A NULL pointer de-reference flaw exists in PHP's Exif component due to its implementation attempting to use uninitialized bytes. An...

CVSS 6.5 | AI score 6.9 | EPSS 0.0233
Exploits: 2 | References: 3
Tenable Nessus
added 2020/03/27 12:0 a.m. | 172 views

PHP 7.3.x < 7.3.16 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.16. It is, therefore, affected by the following vulnerabilities: - An out of bounds read resulting in the use of an uninitialized value in exif. CVE-2020-7064 - A stack buffer overflow in mbstrtolow...

CVSS 8.8 | AI score 7.2 | EPSS 0.04994
Exploits: 3 | References: 4
Tenable Nessus
added 2020/03/24 12:0 a.m. | 74 views

PHP 7.2.x < 7.2.29 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is prior to 7.2.29, 7.3.x prior to 7.3.16, or 7.4.x prior to 7.4.4. It is, therefore, affected by multiple vulnerabilities: - An improper null termination exists in get_headers due to a silent truncation after a null byte...

CVSS 8.8 | AI score 7.7 | EPSS 0.04994
Exploits: 3 | References: 4
OpenVAS
added 2020/03/20 12:0 a.m. | 49 views

PHP < 7.2.29 Multiple Vulnerabilities (Mar 2020) - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 6.5 | AI score 7.8 | EPSS 0.0233
Exploits: 2 | References: 1
OpenVAS
added 2020/03/20 12:0 a.m. | 81 views

PHP < 7.2.29 Multiple Vulnerabilities (Mar 2020) - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 6.5 | AI score 7.8 | EPSS 0.0233
Exploits: 2 | References: 1