Null Pointer Dereference in PHP Session Upload Progress
CVE-2020-7062

7.5HIGH

Key Information:

Vendor

PHP Group

Status
PHP
Vendor
CVE Published:
27 February 2020

What is CVE-2020-7062?

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

Affected Version(s)

PHP 7.3.x < 7.3.15

PHP 7.4.x < 7.4.3

PHP 7.2.x < 7.2.28

References

https://bugs.php.net/bug.php?id=79221
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE
https://security.gentoo.org/glsa/202003-57
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Reported by [email protected]
.
CVE-2020-7062 : Null Pointer Dereference in PHP Session Upload Progress