CVE-2020-7068
Use of freed hash key in the phar_parse_zipfile functionIn PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
We have discovered 347,540 live websites that are affected by CVE-2020-7068.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 347,540 live websites (4.73% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 63 versions ( 12% of all versions) |
Common Weakness Enumeration
CWE-416 Use After FreeDetails
- Published - Sep 9, 2020
- Updated - Sep 17, 2024
Credits
- grigoritchy at gmail dot com
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2020-7068 United States | 117,220 websites |
 France | 126,296 websites |
 Germany | 10,937 websites |
 Russia | 10,439 websites |
 China | 10,021 websites |
 Japan | 6,322 websites |
 Poland | 5,741 websites |
 Netherlands | 5,712 websites |
 Italy | 4,880 websites |
 GB | 4,307 websites |
Website Distribution by TLD
Number of websites using CVE-2020-7068| .com | 124,367 websites |
| .ru | 67,741 websites |
| .fr | 51,727 websites |
| .org | 11,510 websites |
| .net | 9,855 websites |
| .be | 6,401 websites |
| .de | 5,766 websites |
| .pl | 5,468 websites |
| .it | 4,779 websites |
| .nl | 3,178 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2020-7068
Top websites that are affected by CVE-2020-7068. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *.cn | China | *,*** | |
| *****.pl | Poland | *,*** | |
| ****.neustar | United States | *,*** | |
| *********.com | China | *,*** | |
| ****.com | China | *,*** | |
| *****.com | United States | *,*** | |
| ******.com | France | *,*** | |
| **********.com | France | *,*** | |
| ***.****.gov | United States | *,*** | |
| *****.**.com | China | *,*** |
FAQ
CVE-2020-7068 is Use After Free in PHP
A total of 347,540 websites have been identified as vulnerable to CVE-2020-7068, based on global website indexing conducted by WebTechSurvey.
The PHP is affected by the CVE-2020-7068 vulnerability.
PHP versions up to 7.4.9 are vulnerable to CVE-2020-7068.
CVE-2020-7068 is resolved in version 7.4.9 of PHP.