VDB
DEBIAN-CVE-2020-7068
DEBIAN-CVE-2020-7068
PUBLISHED
CVSS 3.5999999046325684 LOW
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
Risk Scores
CVSS 3.1
3.5999999046325684
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | php7.4 | 0, 0, 0 |
Exploit Intelligence
- Rapport_149185019.html (github-poc)
Timeline
- Sep 9, 2020 CVE Published
- Apr 28, 2026 CVE Updated