{"api_version":"1","generated_at":"2026-04-23T00:39:48+00:00","cve":"CVE-2020-7060","urls":{"html":"https://cve.report/CVE-2020-7060","api":"https://cve.report/api/cve/CVE-2020-7060.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-7060","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-7060"},"summary":{"title":"CVE-2020-7060","description":"When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.","state":"PUBLIC","assigner":"security@php.net","published_at":"2020-02-10 08:15:00","updated_at":"2022-07-01 12:33:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html","name":"[debian-lts-announce] 20200228 [SECURITY] [DLA 2124-1] php5 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2124-1] php5 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2020/Feb/27","name":"20200218 [SECURITY] [DSA 4626-1] php7.3 security update","refsource":"BUGTRAQ","tags":[],"title":"Bugtraq: [SECURITY] [DSA 4626-1] php7.3 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","name":"https://www.oracle.com/security-alerts/cpujul2020.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - July 2020","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html","name":"openSUSE-SU-2020:0341","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:0341-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202003-57","name":"GLSA-202003-57","refsource":"GENTOO","tags":[],"title":"PHP: Multiple vulnerabilities (GLSA 202003-57) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.tenable.com/security/tns-2021-14","name":"https://www.tenable.com/security/tns-2021-14","refsource":"CONFIRM","tags":[],"title":"[R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2020/dsa-4628","name":"DSA-4628","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4628-1 php7.0","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2020/dsa-4626","name":"DSA-4626","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4626-1 php7.3","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2021/Jan/3","name":"20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update","refsource":"BUGTRAQ","tags":[],"title":"Bugtraq: Re: [SECURITY] [DSA 4628-1] php7.0 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20200221-0002/","name":"https://security.netapp.com/advisory/ntap-20200221-0002/","refsource":"CONFIRM","tags":[],"title":"February 2020 PHP Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4279-1/","name":"USN-4279-1","refsource":"UBUNTU","tags":[],"title":"USN-4279-1: PHP vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2020/Feb/31","name":"20200219 [SECURITY] [DSA 4628-1] php7.0 security update","refsource":"BUGTRAQ","tags":[],"title":"Bugtraq: [SECURITY] [DSA 4628-1] php7.0 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.php.net/bug.php?id=79037","name":"https://bugs.php.net/bug.php?id=79037","refsource":"MISC","tags":["Exploit","Patch","Vendor Advisory"],"title":"PHP :: Sec Bug #79037 :: global buffer-overflow in `mbfl_filt_conv_big5_wchar`","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","name":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-7060","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7060","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Reported by reza at iseclab dot org","lang":""}],"nvd_cpes":[{"cve_year":"2020","cve_id":"7060","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7060","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7060","vulnerable":"1","versionEndIncluding":"8.4","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_diameter_signaling_router","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7060","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7060","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"7060","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tenable","cpe5":"tenable.sc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-7060","qid":"296076","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 19.3.0 Missing (CPUJAN2020)"},{"cve":"CVE-2020-7060","qid":"501135","title":"Alpine Linux Security Update for php7"},{"cve":"CVE-2020-7060","qid":"752878","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4067-1)"},{"cve":"CVE-2020-7060","qid":"940250","title":"AlmaLinux Security Update for php:7.3 (ALSA-2020:3662)"},{"cve":"CVE-2020-7060","qid":"960421","title":"Rocky Linux Security Update for php:7.3 (RLSA-2020:3662)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"security@php.net","DATE_PUBLIC":"2020-01-21T15:21:00.000Z","ID":"CVE-2020-7060","STATE":"PUBLIC","TITLE":"global buffer-overflow in mbfl_filt_conv_big5_wchar"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"PHP","version":{"version_data":[{"version_affected":"<","version_name":"7.2.x","version_value":"7.2.27"},{"version_affected":"<","version_name":"7.3.x","version_value":"7.3.14"},{"version_affected":"<","version_name":"7.4.x","version_value":"7.4.2"}]}}]},"vendor_name":"PHP Group"}]}},"credit":[{"lang":"eng","value":"Reported by reza at iseclab dot org"}],"description":{"description_data":[{"lang":"eng","value":"When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-125 Out-of-bounds Read"}]}]},"references":{"reference_data":[{"refsource":"BUGTRAQ","name":"20200218 [SECURITY] [DSA 4626-1] php7.3 security update","url":"https://seclists.org/bugtraq/2020/Feb/27"},{"refsource":"DEBIAN","name":"DSA-4626","url":"https://www.debian.org/security/2020/dsa-4626"},{"refsource":"UBUNTU","name":"USN-4279-1","url":"https://usn.ubuntu.com/4279-1/"},{"refsource":"DEBIAN","name":"DSA-4628","url":"https://www.debian.org/security/2020/dsa-4628"},{"refsource":"BUGTRAQ","name":"20200219 [SECURITY] [DSA 4628-1] php7.0 security update","url":"https://seclists.org/bugtraq/2020/Feb/31"},{"refsource":"MLIST","name":"[debian-lts-announce] 20200228 [SECURITY] [DLA 2124-1] php5 security update","url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"},{"refsource":"SUSE","name":"openSUSE-SU-2020:0341","url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"},{"refsource":"GENTOO","name":"GLSA-202003-57","url":"https://security.gentoo.org/glsa/202003-57"},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20200221-0002/","url":"https://security.netapp.com/advisory/ntap-20200221-0002/"},{"refsource":"MISC","url":"https://bugs.php.net/bug.php?id=79037","name":"https://bugs.php.net/bug.php?id=79037"},{"refsource":"BUGTRAQ","name":"20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update","url":"https://seclists.org/bugtraq/2021/Jan/3"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"refsource":"CONFIRM","name":"https://www.tenable.com/security/tns-2021-14","url":"https://www.tenable.com/security/tns-2021-14"}]},"source":{"defect":["https://bugs.php.net/bug.php?id=79037"],"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2020-02-10 08:15:00","lastModifiedDate":"2022-07-01 12:33:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":6.4},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.27","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0","versionEndExcluding":"7.3.14","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*","versionEndExcluding":"5.19.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0","versionEndIncluding":"8.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"7060","Ordinal":"167331","Title":"CVE-2020-7060","CVE":"CVE-2020-7060","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"7060","Ordinal":"1","NoteData":"When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"7060","Ordinal":"2","NoteData":"2020-02-10","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"7060","Ordinal":"3","NoteData":"2021-07-22","Type":"Other","Title":"Modified"}]}}}