CVE-2020-7059 in Ubuntu

CVE-2020-7059

Priority

Description

When using fgetss() function to read data with stripping tags, in PHP
versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is
possible to supply data that will cause this function to read past the
allocated buffer. This may lead to information disclosure or crash.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7059
https://ubuntu.com/security/notices/USN-4279-1

Bugs

https://bugs.php.net/79099

Assigned-to

leosilva

Notes

Package

Source: php5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (5.5.9+dfsg-1ubuntu4.29+esm10)

Patches:

Upstream:

https://github.com/microsoft/php-src/commit/9db5a8f58dd26d547cf530beeb41155d97e700f0

Package

Source: php7.0 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 16.04 ESM:	released (7.0.33-0ubuntu0.16.04.11)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: php7.2 (LP Ubuntu Debian)

Upstream:	released (7.2.27)
Ubuntu 18.04 LTS:	released (7.2.24-0ubuntu0.18.04.3)
Ubuntu 14.04 ESM:	DNE

Patches:

Upstream:

http://git.php.net/?p=php-src.git;a=commit;h=0f79b1bf301f455967676b5129240140c5c45b09

Package

Source: php7.3 (LP Ubuntu Debian)

Upstream:	released (7.3.14)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Upstream:	http://git.php.net/?p=php-src.git;a=commit;h=0f79b1bf301f455967676b5129240140c5c45b09
Upstream:	http://git.php.net/?p=php-src.git;a=commit;h=25ec7eb3463f34a2be666c6785d1c6b3cc89575e

More Information

Updated: 2022-04-13 14:22:30 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)