NULL Byte Injection

2020-08-0621:35:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

PHP7 is vulnerable to NULL byte injection. While using get_headers() with user-supplied URL, if the URL contains null byte \0, the URL will be silently truncated. This causes certain software to make incorrect assumptions about the target of the get_headers() and potentially send confidential information to a wrong server.

CPENameOperatorVersion
php7eq7.2.27-r0
php7:3.11eq7.3.15-r0
rh-php73-phpeq7.3.11__1.el7
php7:edgeeq7.3.15-r2
php7eq7.2.27-r0
php7:3.11eq7.3.15-r0
rh-php73-phpeq7.3.11__1.el7
php7:edgeeq7.3.15-r2

Name	Operator	Version
php7	eq	7.2.27-r0
php7:3.11	eq	7.3.15-r0
rh-php73-php	eq	7.3.11__1.el7
php7:edge	eq	7.3.15-r2
php7	eq	7.2.27-r0
php7:3.11	eq	7.3.15-r0
rh-php73-php	eq	7.3.11__1.el7
php7:edge	eq	7.3.15-r2