VYPR
Medium severity6.5NVD Advisory· Published Feb 27, 2020· Updated Jun 17, 2026

CVE-2020-7061

CVE-2020-7061

Description

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • PHP/PHPllm-fuzzy2 versions
    >=7.3.0, <7.3.15 || >=7.4.0, <7.4.3+ 1 more
    • (no CPE)range: >=7.3.0, <7.3.15 || >=7.4.0, <7.4.3
    • (no CPE)range: 7.3.x
  • osv-coords3 versions
    >= 7.2.0, < 7.2.28+ 2 more
    • (no CPE)range: >= 7.2.0, < 7.2.28
    • (no CPE)range: >= 7.2.0, < 7.2.28
    • (no CPE)range: >= 7.2.0, < 7.2.28

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.