CVE-2020-7061
heap-buffer-overflow in phar_extract_file
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
We have discovered 398,049 live websites that are affected by CVE-2020-7061.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 398,049 live websites (3.29% of PHP install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2020-7061 and the relative popularity of websitesDetails
- Published - Feb 17, 2020
- Updated - Jul 23, 2021
Credits
- Reported by [email protected]
CWE
CVE References
CWE References
Countries
 United States | 91,240 websites |
 France | 203,471 websites |
 Belgium | 9,390 websites |
 Poland | 8,817 websites |
 Russia | 8,548 websites |
 Italy | 7,813 websites |
 China | 7,010 websites |
 Spain | 6,653 websites |
 Germany | 6,282 websites |
 Canada | 5,238 websites |
TLDs
| .com | 183,934 websites |
| .fr | 91,234 websites |
| .org | 18,377 websites |
| .net | 11,543 websites |
| .be | 10,560 websites |
| .ru | 7,559 websites |
| .pl | 7,007 websites |
| .it | 6,028 websites |
| .eu | 4,242 websites |
| .es | 3,747 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2020-7061 through included software libraries and plugins.References
- https://bugs.php.net/bug.php?id=79171
- https://security.gentoo.org/glsa/202003-57
- https://www.tenable.com/security/tns-2021-14
Websites affected by CVE-2020-7061
Top websites that are affected by CVE-2020-7061. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | France | *,*** | |
| **********.com | France | *,*** | |
| ************.org | France | *,*** | |
| ***.******.com | France | *,*** | |
| *************.com |  GB | *,*** | |
| ***.***********.com | GB | **,*** | |
| ******.****.ru | Russia | **,*** | |
| *******.**.kr |  Korea, South | **,*** | |
| *******************.com | United States | **,*** | |
| **************.com | United States | **,*** |