{"id":"USN-5006-1","summary":"php7.2, php7.4 vulnerabilities","details":"It was discovered that PHP incorrectly handled certain PHAR files. A remote\nattacker could possibly use this issue to cause PHP to crash, resulting in\na denial of service, or possibly obtain sensitive information. This issue\nonly affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7068)\n\nIt was discovered that PHP incorrectly handled parsing URLs with passwords.\nA remote attacker could possibly use this issue to cause PHP to mis-parse\nthe URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-7071)\n\nIt was discovered that PHP incorrectly handled certain malformed XML data\nwhen being parsed by the SOAP extension. A remote attacker could possibly\nuse this issue to cause PHP to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu\n20.10. (CVE-2021-21702)\n\nIt was discovered that PHP incorrectly handled the pdo_firebase module. A\nremote attacker could possibly use this issue to cause PHP to crash,\nresulting in a denial of service. (CVE-2021-21704)\n\nIt was discovered that PHP incorrectly handled the FILTER_VALIDATE_URL\ncheck. A remote attacker could possibly use this issue to perform a server-\nside request forgery attack. (CVE-2021-21705)\n","modified":"2026-04-22T10:15:24.753732Z","published":"2021-07-07T12:11:57Z","related":["UBUNTU-CVE-2020-7068","UBUNTU-CVE-2020-7071","UBUNTU-CVE-2021-21702","UBUNTU-CVE-2021-21704","UBUNTU-CVE-2021-21705"],"upstream":["CVE-2020-7068","CVE-2020-7071","CVE-2021-21702","CVE-2021-21704","CVE-2021-21705","UBUNTU-CVE-2020-7068","UBUNTU-CVE-2020-7071","UBUNTU-CVE-2021-21702","UBUNTU-CVE-2021-21704","UBUNTU-CVE-2021-21705"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5006-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-7068"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-7071"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-21702"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-21704"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-21705"}],"affected":[{"package":{"name":"php7.2","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/php7.2@7.2.24-0ubuntu0.18.04.8?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.24-0ubuntu0.18.04.8"}]}],"versions":["7.2.1-1ubuntu2","7.2.2-1ubuntu1","7.2.2-1ubuntu2","7.2.3-1ubuntu1","7.2.5-0ubuntu0.18.04.1","7.2.7-0ubuntu0.18.04.1","7.2.7-0ubuntu0.18.04.2","7.2.10-0ubuntu0.18.04.1","7.2.15-0ubuntu0.18.04.1","7.2.15-0ubuntu0.18.04.2","7.2.17-0ubuntu0.18.04.1","7.2.19-0ubuntu0.18.04.1","7.2.19-0ubuntu0.18.04.2","7.2.24-0ubuntu0.18.04.1","7.2.24-0ubuntu0.18.04.2","7.2.24-0ubuntu0.18.04.3","7.2.24-0ubuntu0.18.04.4","7.2.24-0ubuntu0.18.04.6","7.2.24-0ubuntu0.18.04.7"],"ecosystem_specific":{"binaries":[{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"libapache2-mod-php7.2"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"libphp7.2-embed"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-bcmath"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-bz2"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-cgi"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-cli"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-common"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-curl"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-dba"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-enchant"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-fpm"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-gd"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-gmp"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-imap"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-interbase"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-intl"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-json"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-ldap"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-mbstring"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-mysql"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-odbc"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-opcache"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-pgsql"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-phpdbg"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-pspell"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-readline"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-recode"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-snmp"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-soap"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-sqlite3"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-sybase"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-tidy"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-xml"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-xmlrpc"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-xsl"},{"binary_version":"7.2.24-0ubuntu0.18.04.8","binary_name":"php7.2-zip"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2020-7068","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2020-7071","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2021-21702","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2021-21704","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-21705","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5006-1.json"}},{"package":{"name":"php7.4","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/php7.4@7.4.3-4ubuntu2.5?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.4.3-4ubuntu2.5"}]}],"versions":["7.4.3-4build1","7.4.3-4build2","7.4.3-4ubuntu1","7.4.3-4ubuntu1.1","7.4.3-4ubuntu2.2","7.4.3-4ubuntu2.4"],"ecosystem_specific":{"binaries":[{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"libapache2-mod-php7.4"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"libphp7.4-embed"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-bcmath"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-bz2"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-cgi"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-cli"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-common"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-curl"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-dba"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-enchant"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-fpm"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-gd"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-gmp"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-imap"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-interbase"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-intl"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-json"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-ldap"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-mbstring"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-mysql"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-odbc"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-opcache"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-pgsql"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-phpdbg"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-pspell"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-readline"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-snmp"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-soap"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-sqlite3"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-sybase"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-tidy"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-xml"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-xmlrpc"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-xsl"},{"binary_version":"7.4.3-4ubuntu2.5","binary_name":"php7.4-zip"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2020-7068","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2020-7071","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2021-21702","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2021-21704","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-21705","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5006-1.json"}}],"schema_version":"1.7.5"}