Important: php73

Issue Overview: A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths. CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.1...

Ubuntu 16.04 ESM / 18.04 ESM : Oniguruma vulnerabilities (USN-5662-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5662-1 advisory. It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial...

K45991967: PHP vulnerability CVE-2020-7060

Security Advisory Description When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbflfiltconvbig5wchar to read past the allocated buffer. This may...

PHP 7.3.x < 7.3.31 Path Traversal

According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.31, 7.4.x prior to 7.4.24, or 8.x prior to 8.0.11. It is, therefore, affected by a path traversal via ZipArchive::extractTo. Note that the scanner has not tested for these issues b...

PHP 7.3.x < 7.3.28 Header Injection Vulnerability

According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.28, 7.4.x prior to 7.4.18, or 8.x prior to 8.0.5. It is, therefore, affected by a header injection via imapmailcompose. Note that the scanner has not tested for these issues but ha...

PHP 7.3.x < 7.3.25 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.25 or 7.4.x prior to 7.4.13. It is, therefore, affected by multiple vulnerabilities as specified by the changelogs of the respective fixed releases. Note that the scanner has not...

PHP 7.3.x < 7.3.22 Memory Leak Vulnerability

According to its self-reported version number, the version of PHP running on the remote web server is 7.3.x prior to 7.3.22 or 7.4.x prior to 7.4.10. It is, therefore, affected by a memory leak vulnerability in the LDAP component. An unauthenticated, remote attacker could exploit this issue to...

CVE-2020-7069 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...

CVE-2020-7068

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, pharparsezipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure...

CVE-2020-7065 mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mbstrtolower function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution...

CVE-2020-7064 Use-of-uninitialized-value in exif

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

CVE-2020-7065

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mbstrtolower function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution...

CVE-2019-19246

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in strlowercasematch in regexec.c...

PHP 7.3.x < 7.3.16 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is prior to 7.2.29, 7.3.x prior to 7.3.16, or 7.4.x prior to 7.4.4. It is, therefore, affected by multiple vulnerabilities: - An improper null termination exists in getheaders due to a silent truncation after a null byte...

CVE-2020-7065

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mbstrtolower function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. Recent assessments:...

PHP 7.3.x < 7.3.15 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is prior to 7.2.28, 7.3.x prior to 7.3.15, or 7.4.x prior to 7.4.3. It is, therefore, affected by multiple vulnerabilities: - A heap buffer overflow exists in pharextractfile. CVE-2020-7061 - A null pointer dereference...

Amazon Linux AMI : php73 (ALAS-2020-1347)

The version of php73 installed on the remote host is prior to 7.3.14-1.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1347 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...

CVE-2020-7063 Files added to tar with Phar::buildFromIterator have all-access permissions

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...

CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...

CVE-2020-7060

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbflfiltconvbig5wchar to read past the allocated buffer. This may lead to information disclosur...