In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: php
Published: 2020-09-09T17:58:42.837584Z
Updated: 2024-09-17T00:36:03.824Z
Reserved: 2020-01-15T00:00:00
Link: CVE-2020-7068
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-09-09T18:15:23.400
Modified: 2024-11-21T05:36:36.680
Link: CVE-2020-7068
Redhat