CVE-2020-7062
📋 TL;DR
This CVE describes a null pointer dereference vulnerability in PHP's file upload progress tracking feature. When upload progress tracking is enabled with cleanup disabled and a file upload fails, PHP attempts to clean up non-existent data, causing a crash. This affects PHP applications with file upload functionality running vulnerable PHP versions.
💻 Affected Systems
- PHP
📦 What is this software?
Leap by Opensuse
Php by Php
Ubuntu Linux by Canonical
⚠️ Risk & Real-World Impact
Worst Case
Denial of service causing PHP process crashes, potentially disrupting web application availability and file upload functionality.
Likely Case
Intermittent crashes of PHP processes when file uploads fail under specific configurations, leading to service disruption.
If Mitigated
No impact if proper PHP versions are used or if upload progress tracking is disabled.
🎯 Exploit Status
Exploitation requires ability to trigger file upload failures with specific PHP configuration. No public exploit code identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: PHP 7.2.28, 7.3.15, 7.4.3 or later
Vendor Advisory: https://bugs.php.net/bug.php?id=79221
Restart Required: Yes
Instructions:
1. Update PHP to version 7.2.28+, 7.3.15+, or 7.4.3+ using your distribution's package manager.
2. Restart PHP-FPM or web server (Apache/Nginx).
3. Verify the update with php -v.
🔧 Temporary Workarounds
Disable upload progress tracking
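Linux: Set session.upload_progress.enabled = Off in php.ini to prevent the vulnerable code path. The pattern also rewrites a commented-out or "= 1" line, since the setting is on by default:
sed -i -E 's/^[;[:space:]]*session\.upload_progress\.enabled[[:space:]]*=.*/session.upload_progress.enabled = Off/' /etc/php/*/php.ini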
Enable upload cleanup
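Linux: Ensure session.upload_progress.cleanup = On (default) to avoid the null pointer condition. The pattern rewrites whatever value the line currently holds, including "Off":
sed -i -E 's/^[;[:space:]]*session\.upload_progress\.cleanup[[:space:]]*=.*/session.upload_progress.cleanup = 1/' /etc/php/*/php.ini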
🧯 If You Can't Patch
- Disable file upload functionality in affected applications
- Implement web application firewall rules to block or limit file upload attempts
🔍 How to Verify
Check if Vulnerable:
Check PHP version with php -v and verify configuration: grep -E 'session.upload_progress.(enabled|cleanup)' /etc/php/*/php.ini
Check Version:
php -v | head -1
Verify Fix Applied:
Confirm PHP version is 7.2.28+, 7.3.15+, or 7.4.3+ with php -v
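The version and configuration checks above combined into one script, as an added example that is not part of the advisory or the PHP project. It classifies a PHP version string plus the two session.upload_progress settings against the fixed versions listed on this page; the function names (fixed_patch, ini_on, assess, check_local) and the verdict words are made up for this example.

```shell
#!/bin/sh
# Added example (helper names are made up here, not part of PHP or the advisory).

# First fixed patch level per branch, taken from the versions listed on this page.
fixed_patch() {
    case "$1" in
        7.2) echo 28 ;;
        7.3) echo 15 ;;
        7.4) echo 3 ;;
        *)   return 1 ;;              # branch not listed on the page
    esac
}

# Succeeds if PHP would read the ini value as boolean true.
ini_on() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        1|on|yes|true) return 0 ;;
        *)             return 1 ;;    # 0, off, empty string, ...
    esac
}

# assess VERSION ENABLED CLEANUP -> prints one verdict word.
assess() {
    ver=${1%%[-+~]*}                  # drop distro suffix: 7.2.24-0ubuntu0.18.04.17
    branch=${ver%.*}
    patch=${ver##*.}; patch=${patch%%[!0-9]*}   # 0RC1 -> 0
    fixed=$(fixed_patch "$branch") || { echo branch-not-listed; return 0; }
    if [ "${patch:-0}" -ge "$fixed" ]; then echo patched; return 0; fi
    # Vulnerable path: progress tracking on AND cleanup off.
    if ini_on "$2" && ! ini_on "$3"; then
        echo exposed
    else
        echo unpatched-mitigated
    fi
}

# Read live values from the php CLI. The CLI can load a different php.ini
# than PHP-FPM or mod_php, so confirm the web SAPI's settings separately.
check_local() {
    command -v php >/dev/null 2>&1 || { echo no-php-cli; return 0; }
    assess "$(php -r 'echo PHP_VERSION;')" \
           "$(php -r 'echo ini_get("session.upload_progress.enabled");')" \
           "$(php -r 'echo ini_get("session.upload_progress.cleanup");')"
}

assess 7.3.14 On Off                  # constructed sample input
```

Call check_local on a host to assess the installed CLI build. Distribution packages can carry a backported fix under an older upstream version number, so treat an exposed verdict on a distro build as a prompt to check the vendor advisory for that package.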
📡 Detection & Monitoring
Log Indicators:
- PHP segmentation fault errors in system logs
- Web server error logs showing PHP process crashes during file uploads
Network Indicators:
- HTTP 500 errors following file upload attempts
- Unusual patterns of failed file upload requests
SIEM Query:
source="*php*" AND ("segmentation fault" OR "null pointer" OR "upload_progress")
🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html
- https://bugs.php.net/bug.php?id=79221
- https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html
- https://security.gentoo.org/glsa/202003-57
- https://usn.ubuntu.com/4330-1/
- https://www.debian.org/security/2020/dsa-4717
- https://www.debian.org/security/2020/dsa-4719
- https://www.tenable.com/security/tns-2021-14