High severity7.5NVD Advisory· Published Apr 27, 2020· Updated Jun 17, 2026
CVE-2020-7067
CVE-2020-7067
Description
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versions
>= 7.2.0, < 7.2.30+ 2 more
- (no CPE)range: >= 7.2.0, < 7.2.30
- (no CPE)range: >= 7.2.0, < 7.2.30
- (no CPE)range: >= 7.2.0, < 7.2.30
Patches
Vulnerability mechanics
References
7- www.tenable.com/security/tns-2021-14nvdPatchThird Party Advisory
- bugs.php.net/bug.phpnvdExploitVendor Advisory
- security.netapp.com/advisory/ntap-20200504-0001/nvdThird Party Advisory
- www.debian.org/security/2020/dsa-4717nvdThird Party Advisory
- www.debian.org/security/2020/dsa-4719nvdThird Party Advisory
- www.oracle.com/security-alerts/cpuApr2021.htmlnvdNot ApplicableThird Party Advisory
- www.oracle.com/security-alerts/cpuoct2020.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.