← Retour aux CVEs
CVE-2021-21704
MEDIUM5.0
Description
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
Details CVE
Score CVSS v3.15.0
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Vecteur d'attaqueNETWORK
ComplexiteHIGH
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie10/4/2021
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
netapp:clustered_data_ontapphp:php
Faiblesses (CWE)
CWE-125CWE-190CWE-787
References
https://bugs.php.net/bug.php?id=76448(security@php.net)
https://bugs.php.net/bug.php?id=76449(security@php.net)
https://bugs.php.net/bug.php?id=76450(security@php.net)
https://bugs.php.net/bug.php?id=76452(security@php.net)
https://security.gentoo.org/glsa/202209-20(security@php.net)
https://security.netapp.com/advisory/ntap-20211029-0006/(security@php.net)
https://bugs.php.net/bug.php?id=76448(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.php.net/bug.php?id=76449(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.php.net/bug.php?id=76450(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.php.net/bug.php?id=76452(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202209-20(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20211029-0006/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.