Package php7-opcache updated to version 7.2.30-alt1.1 for branch p8 in task 250407.

Published: 2020-04-14

BDU:2020-05806

Уязвимость функции urldecode() интерпретатора языка программирования PHP, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2020-7067

Published: 2020-04-28
Modified: 2024-11-21

CVE-2020-7067

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Version: 2.1.0

Package php7-opcache update in p8 on 2020-04-24

ALT-PU-2020-1876-1

Closed vulnerabilities

BDU:2020-05806

CVE-2020-7067