CVE-2020-7068
Use of freed hash key in the phar_parse_zipfile function
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
We have discovered 684,803 live websites that are affected by CVE-2020-7068.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 684,803 live websites (5.66% of PHP install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2020-7068 and the relative popularity of websitesDetails
- Published - Aug 3, 2020
- Updated - Jul 23, 2021
Credits
- grigoritchy at gmail dot com
CWE
CVE References
CWE References
Countries
 United States | 134,960 websites |
 France | 252,388 websites |
 Russia | 71,672 websites |
 China | 22,748 websites |
 Germany | 18,424 websites |
 Italy | 14,234 websites |
 Poland | 14,083 websites |
 Belgium | 12,267 websites |
 Spain | 12,010 websites |
 Japan | 11,784 websites |
TLDs
| .com | 276,748 websites |
| .fr | 112,113 websites |
| .ru | 67,842 websites |
| .org | 27,913 websites |
| .net | 19,519 websites |
| .be | 13,637 websites |
| .de | 11,655 websites |
| .pl | 11,009 websites |
| .it | 10,606 websites |
| .nl | 7,788 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2020-7068 through included software libraries and plugins.References
- https://bugs.php.net/bug.php?id=79797
- https://security.gentoo.org/glsa/202009-10
- https://security.netapp.com/advisory/ntap-20200918-0005/
- https://www.debian.org/security/2021/dsa-4856
- https://www.tenable.com/security/tns-2021-14
Websites affected by CVE-2020-7068
Top websites that are affected by CVE-2020-7068. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.cz |  Czech Republic | *,*** | |
| *.cn | China | *,*** | |
| ***.*.cn | China | *,*** | |
| ***.*****.pl | Poland | *,*** | |
| *******.com | Germany | *,*** | |
| *****.***.cn | China | *,*** | |
| ***.*****.***.cn | China | *,*** | |
| *****.cn | China | *,*** | |
| ***.*****.cn | China | *,*** | |
| ***.*********.com | China | *,*** |