FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php72 -- use of freed hash key

Affected packages
		php72	<	7.2.33
		php73	<	7.3.21
		php74	<	7.4.9

Details

VuXML ID	ee261034-b95e-4479-b947-08b0877e029f
Discovery	2020-07-06
Entry	2020-08-27

grigoritchy at gmail dot com reports:

The phar_parse_zipfile function had use-after-free vulnerability because of mishandling of the actual_alias variable.

[source]

References

CVE Name	CVE-2020-7068
URL	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.