← volver
CVE-2020-7059

OOB read in php_strip_tags_ex

CVSS 6.5 MEDIUMEPSS 7.4%CWE-125
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Productos afectados
PHP Group · PHP

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.htmlhttps://bugs.php.net/bug.php?id=79099https://lists.debian.org/debian-lts-announce/2020/02/msg00030.htmlhttps://seclists.org/bugtraq/2020/Feb/27https://seclists.org/bugtraq/2020/Feb/31https://seclists.org/bugtraq/2021/Jan/3https://security.gentoo.org/glsa/202003-57https://security.netapp.com/advisory/ntap-20200221-0002/https://usn.ubuntu.com/4279-1/https://www.debian.org/security/2020/dsa-4626https://www.debian.org/security/2020/dsa-4628https://www.oracle.com/security-alerts/cpuApr2021.html