CVE-2020-7061
heap-buffer-overflow in phar_extract_fileIn PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
We have discovered 141,544 live websites that are affected by CVE-2020-7061.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 141,544 live websites (1.94% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 18 versions ( 3.49% of all versions) |
Common Weakness Enumeration
CWE-125 Out-of-bounds ReadDetails
- Published - Feb 27, 2020
- Updated - Sep 17, 2024
Credits
- Reported by [email protected]
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2020-7061 United States | 11,615 websites |
 France | 96,277 websites |
 China | 4,268 websites |
 Russia | 4,089 websites |
 Poland | 3,691 websites |
 Germany | 2,560 websites |
 Italy | 2,265 websites |
 Spain | 2,229 websites |
 Japan | 1,683 websites |
 Belgium | 1,628 websites |
Website Distribution by TLD
Number of websites using CVE-2020-7061| .com | 54,876 websites |
| .fr | 40,282 websites |
| .org | 5,224 websites |
| .be | 4,766 websites |
| .net | 3,903 websites |
| .pl | 3,637 websites |
| .ru | 3,621 websites |
| .it | 2,678 websites |
| .eu | 1,948 websites |
| .es | 1,639 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2020-7061
Top websites that are affected by CVE-2020-7061. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | France | *,*** | |
| ******.com | France | *,*** | |
| *********.be | France | **,*** | |
| *********.fr | France | **,*** | |
| ****.*********.com | China | **,*** | |
| ***********.******.**.com | United States | **,*** | |
| ****.***********.com | United States | **,*** | |
| **********.*********.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| ****.com | France | **,*** |
FAQ
CVE-2020-7061 is Out-of-bounds Read in PHP
A total of 141,544 websites have been identified as vulnerable to CVE-2020-7061, based on global website indexing conducted by WebTechSurvey.
The PHP is affected by the CVE-2020-7061 vulnerability.
PHP versions up to 7.4.3 are vulnerable to CVE-2020-7061.
CVE-2020-7061 is resolved in version 7.4.3 of PHP.