CVE-2020-7061

heap-based buffer overflow in phar_extract_file

Publication Date	2020-01-26
Severity	Low
Type	Information Disclosure
Affected PHP Versions	7.3.0 - 7.3.14 7.4.0 - 7.4.2
Fixed Product Versions	ZendPHP 5.6 ZendPHP 7.1 ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendServer 2019.0.4

CVE Details

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using the phar extension, certain content inside a PHAR file could lead to reading one-byte past the allocated buffer. This could potentially lead to information disclosure or crash.

Recommendations

Upgrade to PHP 7.3.15 or higher, or 7.4.3 or higher.

< View all CVEs

Featured Product

ZendPHP

2025 PHP Landscape Report

CVE Details

Recommendations