In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
History
07 Nov 2023, 03:25
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-10-02 15:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-7069
Mitre link : CVE-2020-7069
CVE.ORG link : CVE-2020-7069
JSON object : View
Products Affected
oracle
- communications_diameter_signaling_router
opensuse
- leap
php
- php
netapp
- clustered_data_ontap
tenable
- tenable.sc
debian
- debian_linux
canonical
- ubuntu_linux
fedoraproject
- fedora