CVE-2020-7068

Summary

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

Affected Software

VendorProductVersion RangeStatus
PHP GroupPHP7.3.x < 7.3.21affected
PHP GroupPHP7.4.x < 7.4.9affected
PHP GroupPHP7.2.x < 7.2.33affected

Weaknesses

  • CWE-416: CWE-416 Use After Free

ADP Enrichment

CVE Program Container

Additional References

References