Lucene search

K

Ubuntu.comUB:CVE-2020-7067

HistoryApr 27, 2020 - 12:00 a.m.

CVE-2020-7067

2020-04-2700:00:00

ubuntu.com

ubuntu.com

10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

85.3%

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below
7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode()
function can be made to access locations past the allocated memory, due to
erroneously using signed numbers as array indexes.

Bugs

<https://bugs.php.net/79465>

Notes

Author	Note
mdeslaur	only an issue when CHARSET_EBCDIC is defined, which isn’t the case on any Ubuntu platforms.

References

launchpad.net/bugs/cve/CVE-2020-7067

nvd.nist.gov/vuln/detail/CVE-2020-7067

security-tracker.debian.org/tracker/CVE-2020-7067

www.cve.org/CVERecord?id=CVE-2020-7067

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

85.3%

Related for UB:CVE-2020-7067

attackerkb1 nessus21 openvas10 ibm1 altlinux3 osv5 mageia1 debiancve1 hackerone1 veracode1 cve1 prion1 alpinelinux1 redhatcve1 debian5 amazon2 cloudlinux1 oracle1