Bug 1808532 (CVE-2020-7062) - CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress
Summary: CVE-2020-7062 php: NULL pointer dereference in PHP session upload progress
Keywords:
Status: NEW
Alias: CVE-2020-7062
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1810227 1810228 1810229 1808533 1810225 1810226
Blocks: 1808539
TreeView+ depends on / blocked
 
Reported: 2020-02-28 18:19 UTC by Guilherme de Almeida Suckevicz
Modified: 2020-03-04 19:17 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-02-28 18:19:40 UTC
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

Reference:
https://bugs.php.net/bug.php?id=79221

Comment 1 Guilherme de Almeida Suckevicz 2020-02-28 18:20:00 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1808533]

Comment 2 Marco Benatto 2020-03-04 18:23:57 UTC
Upstream commit for this issue:
http://git.php.net/?p=php-src.git;a=commit;h=d76f7c6c636b8240e06a1fa29eebb98ad005008a


Note You need to log in before you can comment on or make changes to this bug.