Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2020-7061
CVE-2020-7061:
PHP vulnerability analysis and mitigation
Overview
CVE-2020-7061 affects PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3. The vulnerability was discovered in the PHAR extension when extracting PHAR files on Windows systems, where certain content inside the PHAR file could lead to a one-byte read past the allocated buffer (CVE Mitre, NVD).
Technical details
The vulnerability manifests as a heap buffer overflow caused by an incorrect loop termination in the phar_extract_file() function when running on Windows systems. The issue occurs specifically during the PHAR file extraction process, where the code reads one byte beyond the allocated memory buffer (PHP Bug).
Impact
This vulnerability could potentially lead to information disclosure or system crashes when exploited. The issue affects the PHAR extension functionality specifically on Windows systems (CVE Mitre).
Mitigation and workarounds
Users should upgrade to PHP versions 7.3.15 or later for the 7.3.x branch, or 7.4.3 or later for the 7.4.x branch. The vulnerability has been fixed in these versions (Gentoo Security).
Additional resources
Source: This report was generated using AI
Related PHP vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management