cve/CVE-2020-7067.md at eda58812c5773678e9432b65209fee245db925e7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

POC

Reference

https://bugs.php.net/bug.php?id=79465
https://bugs.php.net/bug.php?id=79465
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html

Github

https://github.com/0xbigshaq/php7-internals
https://github.com/RClueX/Hackerone-Reports
https://github.com/imhunterand/hackerone-publicy-disclosed
https://github.com/vincd/search-cve

1.3 KiB Raw Blame History

CVE-2020-7067

Description

POC

Reference

Github

1.3 KiB

Raw Blame History