Back to search
CVE-2020-7069
Published: Oct 2, 2020
Modified: Sep 17, 2024
PUBLISHED
CVSS v3.1
5.4
MEDIUM
Description
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
| Vendor | Product | Versions |
|---|---|---|
PHP Group | PHP | affected 7.3.x - < 7.3.23affected 7.4.x - < 7.4.11affected 7.2.x - < 7.2.34 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
References
https://bugs.php.net/bug.php?id=79601
x_refsource_MISC
FEDORA-2020-4573f0e03a
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-4fe6b116e5
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-94763cb98b
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2020:1703
vendor-advisory
x_refsource_SUSE
USN-4583-1
vendor-advisory
x_refsource_UBUNTU
openSUSE-SU-2020:1767
vendor-advisory
x_refsource_SUSE
GLSA-202012-16
vendor-advisory
x_refsource_GENTOO
DSA-4856
vendor-advisory
x_refsource_DEBIAN
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20201016-0001/
x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://www.tenable.com/security/tns-2021-14
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now