cvelist/2020/7xxx/CVE-2020-7059.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ASSIGNER": "security@php.net",
        "ID": "CVE-2020-7059",
        "DATE_PUBLIC": "2020-01-21T15:21:00.000Z",
        "STATE": "PUBLIC",
        "TITLE": "OOB read in php_strip_tags_ex"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "PHP",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "7.2.x",
                                            "version_value": "7.2.27"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "7.3.x",
                                            "version_value": "7.3.14"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "7.4.x",
                                            "version_value": "7.4.2"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "PHP Group"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Reported by wxhusst at gmail dot com"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "When using fgetss() function to read data with stripping tags,  in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.\n\n"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-125 Out-of-bounds Read"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "CONFIRM",
                "url": "https://bugs.php.net/bug.php?id=79099"
            }
        ]
    },
    "source": {
        "defect": [
            "https://bugs.php.net/bug.php?id=79099"
        ],
        "discovery": "EXTERNAL"
    },
    "work_around": [
        {
            "lang": "eng",
            "value": "Usage of fgetss() has been DEPRECATED as of PHP 7.3.0. Please use strip_tags() or other means sanitizing HTML code. "
        }
    ]
}
"-Synchronized-Data." 2020-01-15 15:01:05 +00:00			`{`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"CVE_data_meta": {`
CVEs for PHP from January 2020 2020-02-09 23:38:42 -08:00			`"ASSIGNER": "security@php.net",`
"-Synchronized-Data." 2020-01-15 15:01:05 +00:00			`"ID": "CVE-2020-7059",`
CVEs for PHP from January 2020 2020-02-09 23:38:42 -08:00			`"DATE_PUBLIC": "2020-01-21T15:21:00.000Z",`
			`"STATE": "PUBLIC",`
			`"TITLE": "OOB read in php_strip_tags_ex"`
"-Synchronized-Data." 2020-01-15 15:01:05 +00:00			`},`
CVEs for PHP from January 2020 2020-02-09 23:38:42 -08:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "PHP",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_name": "7.2.x",`
			`"version_value": "7.2.27"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "7.3.x",`
			`"version_value": "7.3.14"`
			`},`
			`{`
			`"version_affected": "<",`
			`"version_name": "7.4.x",`
			`"version_value": "7.4.2"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "PHP Group"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Reported by wxhusst at gmail dot com"`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-01-15 15:01:05 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
CVEs for PHP from January 2020 2020-02-09 23:38:42 -08:00			`"value": "When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.\n\n"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 6.5,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-125 Out-of-bounds Read"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "CONFIRM",`
			`"url": "https://bugs.php.net/bug.php?id=79099"`
"-Synchronized-Data." 2020-01-15 15:01:05 +00:00			`}`
			`]`
CVEs for PHP from January 2020 2020-02-09 23:38:42 -08:00			`},`
			`"source": {`
			`"defect": [`
			`"https://bugs.php.net/bug.php?id=79099"`
			`],`
			`"discovery": "EXTERNAL"`
			`},`
			`"work_around": [`
			`{`
			`"lang": "eng",`
			`"value": "Usage of fgetss() has been DEPRECATED as of PHP 7.3.0. Please use strip_tags() or other means sanitizing HTML code. "`
			`}`
			`]`
"-Synchronized-Data." 2020-01-15 15:01:05 +00:00			`}`