### [CVE-2020-7068](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068)
![](https://img.shields.io/static/v1?label=Product&message=PHP&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=7.3.x%3C%207.3.21%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)

### Description

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

### POC

#### Reference
- https://bugs.php.net/bug.php?id=79797
- https://bugs.php.net/bug.php?id=79797

#### Github
- https://github.com/404notf0und/CVE-Flow
- https://github.com/ARPSyndicate/cvemon