{"id":"CVE-2020-7067","details":"In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.","aliases":["BIT-libphp-2020-7067","BIT-php-2020-7067","BIT-php-min-2020-7067"],"modified":"2026-05-18T13:48:47.885457Z","published":"2020-04-27T21:15:14.593Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"9.0"},{"last_affected":"10.0"}]},{"cpes":["cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"oracle:communications_diameter_signaling_router","extracted_events":[{"introduced":"8.0.0.0"},{"last_affected":"8.4.0.5"}]},{"cpes":["cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"tenable:tenable.sc","extracted_events":[{"fixed":"5.19.0"}]}]},"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200504-0001/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4717"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4719"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"FIX","url":"https://www.tenable.com/security/tns-2021-14"},{"type":"EVIDENCE","url":"https://bugs.php.net/bug.php?id=79465"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"8148cbb78841c8ec0759c0836e7f35dec799d300"},{"fixed":"a516aa0d2c75a2e3dd9214fb75c2a16c1c534a82"},{"introduced":"52ace952a1b65ca80fc2617f11c2fa6dd03f51bd"},{"fixed":"2c0d56cc150ada2355319c418c0c6e8321ef7b0f"},{"introduced":"3c7824e16ec4c3cee417262445d2c2b66531c10f"},{"fixed":"ab4d1893fa762f1d73601de2644963a7501b1c95"}],"database_specific":{"cpe":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"7.2.0"},{"fixed":"7.2.30"},{"introduced":"7.3.0"},{"fixed":"7.3.17"},{"introduced":"7.4.0"},{"fixed":"7.4.5"}]}}],"database_specific":{"vanir_signatures":[{"source":"https://github.com/php/php-src/commit/2c0d56cc150ada2355319c418c0c6e8321ef7b0f","id":"CVE-2020-7067-1cafb47a","deprecated":false,"signature_version":"v1","digest":{"function_hash":"40565887675130562443727052077638606803","length":475},"target":{"function":"php_raw_url_decode","file":"ext/standard/url.c"},"signature_type":"Function"},{"source":"https://github.com/php/php-src/commit/2c0d56cc150ada2355319c418c0c6e8321ef7b0f","id":"CVE-2020-7067-96d24e0b","deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["229641027241768780455332400035790589213","325167784308788717541731998735878028213","192017146838867819246149091574669861050","149578118580867487196755427987601782041","229641027241768780455332400035790589213","325167784308788717541731998735878028213","192017146838867819246149091574669861050","149578118580867487196755427987601782041"]},"target":{"file":"ext/standard/url.c"},"signature_type":"Line"},{"source":"https://github.com/php/php-src/commit/2c0d56cc150ada2355319c418c0c6e8321ef7b0f","id":"CVE-2020-7067-b285b1b5","deprecated":false,"signature_version":"v1","digest":{"function_hash":"181543715275648914325665755639281675361","length":518},"target":{"function":"php_url_decode","file":"ext/standard/url.c"},"signature_type":"Function"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7067.json","vanir_signatures_modified":"2026-05-18T13:48:47Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}