admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2020/7xxx/CVE-2020-7059.json
CVE Team c4bbb47246
"-Synchronized-Data."
2020-07-15 03:02:07 +00:00

163 lines
5.8 KiB
JSON
Raw Blame History

{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"ID": "CVE-2020-7059",
"DATE_PUBLIC": "2020-01-21T15:21:00.000Z",
"STATE": "PUBLIC",
"TITLE": "OOB read in php_strip_tags_ex"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.2.x",
"version_value": "7.2.27"
},
{
"version_affected": "<",
"version_name": "7.3.x",
"version_value": "7.3.14"
},
{
"version_affected": "<",
"version_name": "7.4.x",
"version_value": "7.4.2"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by wxhusst at gmail dot com"
}
],
"description": {
"description_data": [
{
"lang": "eng",
"value": "When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BUGTRAQ",
"name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
"url": "https://seclists.org/bugtraq/2020/Feb/27"
},
{
"refsource": "DEBIAN",
"name": "DSA-4626",
"url": "https://www.debian.org/security/2020/dsa-4626"
},
{
"refsource": "UBUNTU",
"name": "USN-4279-1",
"url": "https://usn.ubuntu.com/4279-1/"
},
{
"refsource": "DEBIAN",
"name": "DSA-4628",
"url": "https://www.debian.org/security/2020/dsa-4628"
},
{
"refsource": "BUGTRAQ",
"name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
"url": "https://seclists.org/bugtraq/2020/Feb/31"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2124-1] php5 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0341",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202003-57",
"url": "https://security.gentoo.org/glsa/202003-57"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=79099",
"name": "https://bugs.php.net/bug.php?id=79099"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200221-0002/",
"url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=79099"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Usage of fgetss() has been DEPRECATED as of PHP 7.3.0. Please use strip_tags() or other means sanitizing HTML code. "
}
]
}
Reference in New Issue View Git Blame Copy Permalink