Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-7069

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

Related bugs and status

CVE-2020-7069 (Candidate) is related to these bugs:

Bug #1887826: CURLFile POST missing Content-Length header

		In	Importance	Status
1887826	CURLFile POST missing Content-Length header	php7.4 (Ubuntu)	Medium	Fix Released
1887826	CURLFile POST missing Content-Length header	php7.4 (Ubuntu Focal)	Medium	Fix Released
1887826	CURLFile POST missing Content-Length header	php	Unknown	Unknown

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.php.net/b...
FEDORA: FEDORA-2020-4573f0e03a
FEDORA: FEDORA-2020-4fe6b116e5
FEDORA: FEDORA-2020-94763cb98b
CONFIRM: https://security.netap...
SUSE: openSUSE-SU-2020:1703
UBUNTU: USN-4583-1
SUSE: openSUSE-SU-2020:1767
GENTOO: GLSA-202012-16
DEBIAN: DSA-4856
MISC: https://www.oracle.com...
CONFIRM: https://www.tenable.co...
MISC: https://www.oracle.com...