SB2020032006 - Multiple vulnerabilities in PHP

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2020-7064)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within exif_read_data() PHP function. A remote attacker can pass specially crafted data to the application that uses the vulnerable function, trigger one byte out-of-bounds read error and read contents of memory on the system.

2) Input validation error (CVE-ID: CVE-2020-7066)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to get_headers() PHP function silently truncates headers after receiving a NULL byte character. A remote attacker can abuse this behavior to bypass implemented security restrictions with in the application.

3) Stack-based buffer overflow (CVE-ID: CVE-2020-7065)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within php_unicode_tolower_full() function, as demonstrated by the mb_strtolower() call. A remote attacker can pass specially crafted data to the application that uses affected function, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://bugs.php.net/bug.php?id=79282
• https://www.php.net/ChangeLog-7.php#7.2.29
• https://www.php.net/ChangeLog-7.php#7.3.16
• https://www.php.net/ChangeLog-7.php#7.4.4
• https://bugs.php.net/bug.php?id=79329
• https://bugs.php.net/bug.php?id=79371