Details of VAR-202102-1477

ID

VAR-202102-1477

CVE

CVE-2021-21702

TITLE

PHP In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-003789

DESCRIPTION

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. PHP Has NULL A pointer dereference vulnerability exists.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A security issue was found in PHP prior to 8.0.2, 7.4.15 and 7.3.27. PHP will crash with a SIGSEGV whenever an XML is provided to the SoapClient query() function without an existing field. The issue is fixed in versions 8.0.2, 7.4.15 and 7.3.27. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: May 26, 2021 Bugs: #764314, #768756, #788892 ID: 202105-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Background ========== PHP is an open source general-purpose scripting language that is especially suited for web development. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/php < 8.0.6 >= 7.3.28:7.3 >= 7.4.19:7.4 >= 8.0.6:8.0 Description =========== Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers and bugs referenced below for details. Impact ====== Please review the referenced CVE identifiers and bugs for details. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP 7.3.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.28:7.3" All PHP 7.4.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.19:7.4" All PHP 8.0.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-8.0.6:8.0" References ========== [ 1 ] CVE-2020-7071 https://nvd.nist.gov/vuln/detail/CVE-2020-7071 [ 2 ] CVE-2021-21702 https://nvd.nist.gov/vuln/detail/CVE-2021-21702 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202105-23 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5006-1 July 07, 2021 php7.2, php7.4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in PHP. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7068) It was discovered that PHP incorrectly handled parsing URLs with passwords. A remote attacker could possibly use this issue to cause PHP to mis-parse the URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2021-21702) It was discovered that PHP incorrectly handled the pdo_firebase module. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2021-21704) It was discovered that PHP incorrectly handled the FILTER_VALIDATE_URL check. A remote attacker could possibly use this issue to perform a server- side request forgery attack. (CVE-2021-21705) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: libapache2-mod-php7.4 7.4.16-1ubuntu2.1 php7.4-cgi 7.4.16-1ubuntu2.1 php7.4-cli 7.4.16-1ubuntu2.1 php7.4-fpm 7.4.16-1ubuntu2.1 Ubuntu 20.10: libapache2-mod-php7.4 7.4.9-1ubuntu1.2 php7.4-cgi 7.4.9-1ubuntu1.2 php7.4-cli 7.4.9-1ubuntu1.2 php7.4-fpm 7.4.9-1ubuntu1.2 Ubuntu 20.04 LTS: libapache2-mod-php7.4 7.4.3-4ubuntu2.5 php7.4-cgi 7.4.3-4ubuntu2.5 php7.4-cli 7.4.3-4ubuntu2.5 php7.4-fpm 7.4.3-4ubuntu2.5 Ubuntu 18.04 LTS: libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.8 php7.2-cgi 7.2.24-0ubuntu0.18.04.8 php7.2-cli 7.2.24-0ubuntu0.18.04.8 php7.2-fpm 7.2.24-0ubuntu0.18.04.8 In general, a standard system update will make all the necessary changes. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update Advisory ID: RHSA-2021:2992-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2992 Issue date: 2021-08-03 CVE Names: CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21705 ==================================================================== 1. Summary: An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.29). (BZ#1977764) Security Fix(es): * php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069) * php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071) * php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705) * php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068) * php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server (CVE-2020-7070) * php: NULL pointer dereference in SoapClient (CVE-2021-21702) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1868109 - CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function 1885735 - CVE-2020-7069 php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV 1885738 - CVE-2020-7070 php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server 1913846 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo 1925272 - CVE-2021-21702 php: NULL pointer dereference in SoapClient 1977764 - PDO ODBC truncates BLOB records at every 256th byte [rhscl-3.7.z] 1978755 - CVE-2021-21705 php: SSRF bypass in FILTER_VALIDATE_URL 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php73-php-7.3.29-1.el7.src.rpm ppc64le: rh-php73-php-7.3.29-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm rh-php73-php-common-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm rh-php73-php-json-7.3.29-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm rh-php73-php-process-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.29-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm rh-php73-php-cli-7.3.29-1.el7.s390x.rpm rh-php73-php-common-7.3.29-1.el7.s390x.rpm rh-php73-php-dba-7.3.29-1.el7.s390x.rpm rh-php73-php-dbg-7.3.29-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm rh-php73-php-devel-7.3.29-1.el7.s390x.rpm rh-php73-php-embedded-7.3.29-1.el7.s390x.rpm rh-php73-php-enchant-7.3.29-1.el7.s390x.rpm rh-php73-php-fpm-7.3.29-1.el7.s390x.rpm rh-php73-php-gd-7.3.29-1.el7.s390x.rpm rh-php73-php-gmp-7.3.29-1.el7.s390x.rpm rh-php73-php-intl-7.3.29-1.el7.s390x.rpm rh-php73-php-json-7.3.29-1.el7.s390x.rpm rh-php73-php-ldap-7.3.29-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm rh-php73-php-odbc-7.3.29-1.el7.s390x.rpm rh-php73-php-opcache-7.3.29-1.el7.s390x.rpm rh-php73-php-pdo-7.3.29-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm rh-php73-php-process-7.3.29-1.el7.s390x.rpm rh-php73-php-pspell-7.3.29-1.el7.s390x.rpm rh-php73-php-recode-7.3.29-1.el7.s390x.rpm rh-php73-php-snmp-7.3.29-1.el7.s390x.rpm rh-php73-php-soap-7.3.29-1.el7.s390x.rpm rh-php73-php-xml-7.3.29-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm rh-php73-php-zip-7.3.29-1.el7.s390x.rpm x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-php73-php-7.3.29-1.el7.src.rpm ppc64le: rh-php73-php-7.3.29-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm rh-php73-php-common-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm rh-php73-php-json-7.3.29-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm rh-php73-php-process-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.29-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm rh-php73-php-cli-7.3.29-1.el7.s390x.rpm rh-php73-php-common-7.3.29-1.el7.s390x.rpm rh-php73-php-dba-7.3.29-1.el7.s390x.rpm rh-php73-php-dbg-7.3.29-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm rh-php73-php-devel-7.3.29-1.el7.s390x.rpm rh-php73-php-embedded-7.3.29-1.el7.s390x.rpm rh-php73-php-enchant-7.3.29-1.el7.s390x.rpm rh-php73-php-fpm-7.3.29-1.el7.s390x.rpm rh-php73-php-gd-7.3.29-1.el7.s390x.rpm rh-php73-php-gmp-7.3.29-1.el7.s390x.rpm rh-php73-php-intl-7.3.29-1.el7.s390x.rpm rh-php73-php-json-7.3.29-1.el7.s390x.rpm rh-php73-php-ldap-7.3.29-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm rh-php73-php-odbc-7.3.29-1.el7.s390x.rpm rh-php73-php-opcache-7.3.29-1.el7.s390x.rpm rh-php73-php-pdo-7.3.29-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm rh-php73-php-process-7.3.29-1.el7.s390x.rpm rh-php73-php-pspell-7.3.29-1.el7.s390x.rpm rh-php73-php-recode-7.3.29-1.el7.s390x.rpm rh-php73-php-snmp-7.3.29-1.el7.s390x.rpm rh-php73-php-soap-7.3.29-1.el7.s390x.rpm rh-php73-php-xml-7.3.29-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm rh-php73-php-zip-7.3.29-1.el7.s390x.rpm x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php73-php-7.3.29-1.el7.src.rpm x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-7068 https://access.redhat.com/security/cve/CVE-2020-7069 https://access.redhat.com/security/cve/CVE-2020-7070 https://access.redhat.com/security/cve/CVE-2020-7071 https://access.redhat.com/security/cve/CVE-2021-21702 https://access.redhat.com/security/cve/CVE-2021-21705 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYQkJj9zjgjWX9erEAQgi0w/9HBV5SuB3M7vK1ssSWffk2HuyWHLVm+wV Wy96rIvzD1KrNeLTn3HAByHCIgHew6KD1mnoEawc5DItVY6oRlfW8ldX2P8fsk0C 2xzmNy8jAzA0BjYZeYXfMQROpqiqCQVkPhAfeeWaVxn6jRH28oSwmF2U60HOoqLW tWsNmX+kyzWdUhvDSJ2Z/pmftpvWgR8m2hbQDiNF6j7VTUcBB5Ft1CZ5AH5TFkO2 T/35iXqS3imgf6MVfS4fIZHmK7j59B93xv4XCLbsoFJ+YLrzESu1xouZOsU0REdw AGHnGQX/37DcBm3qdMH3DE0aBltk2AgzKdhwxG+gAREVVA2seeJSS9u6N368FSIW 4Q1mLY0bQtdXc9XjmbTnA5sorQoeMdoM8P5DRxvGPG7armFisdhqqNuymcVTmwvz obgIIpuhM1ZOWrMZ5MyWTMKM1/5YdZk1F5wUgto1/DdTfeBOy/grNR1FKSiFcWYH x85ziJdRZK4nQmTeMIXLQvv9ZsDS4k1eRfil9Sq7WQdPjlm1mwYyhdAay/dNSdtd WCruH54kv/dZlv52jZqC1Fr7IzQY48Y2pvknRmCJgitHum6WaKkjaQC+iKR/N0wq ZzINH2j1osQ381u+uJc4wYPHIFw/oWOosDWiuUYX+4oO7+0lAuEYQltmN5qF3z25 OwqKXJAGJYo=waMi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . For the stable distribution (buster), these problems have been fixed in version 7.3.27-1~deb10u1. We recommend that you upgrade your php7.3 packages. For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmAtkVwACgkQEMKTtsN8 TjZ41g//e8PiVKbNVmYAbvssLu1ftKMLRmKkzQZZo4EK8GK50i25SKxlEVgGqFef PCbr7AaD3eGrTOTzIE5wqJclhhx664DAWeM68rEJKfn0w5EYznCi/h/vyBiEW4eH DAkBHcckCOMwsXgdvfQk/HAtqA1xoPmC8DZnbpgkd7feXT9/b/YYvv2dQxTMCaT3 AWaX4DBFOQVuk2yyLW9uCNC/cZBkeD3sTZFllV2SsXVr9NKMz3zxMsQAv1UlCTdl 8o8UM7d+zU3a5U5Ua1ENa2QR+RK0jhdRGgkJaXHZbdgZ+uV9rmt/PsV6NFzDseRv /lv44YF+Qs1a5u8SIUORB6BVMhCWECXgXBEQHXsoN+63xc8UcOIpI5tQHq+D4/MY YDyzC9W+fCred/NjVbaPUce6kxoz7k79/dfYbiE/sXj3pvoXqLRj9biRYUM2+/En vzstFBnZqwMv04zSzx+JALpFhkBv5ddg5R03B10o/FxndSJak1dGTUKOsa6M31qR 0pEeKmMizGq7Ws1QmqEvWfbR/uXEd43sEoaC0+OVB6XntUISRmUAj5hkFt/Yy3bd 622nZfXyhdepoPCXTEaDearJd2qdL8wcREG4f+42PMwhjTys/Iw0eVR5LGdKnlmX lbkT1Q1MX3XNbAQTIQpYX0TJJ9oCFU8Wq9HLlV2Eatqb2Hw7AEQ= =9Q7e -----END PGP SIGNATURE-----

Trust: 2.88

sources: NVD: CVE-2021-21702 // JVNDB: JVNDB-2021-003789 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380106 // VULMON: CVE-2021-21702 // PACKETSTORM: 162799 // PACKETSTORM: 163491 // PACKETSTORM: 163432 // PACKETSTORM: 164839 // PACKETSTORM: 163727 // PACKETSTORM: 168990

AFFECTED PRODUCTS

vendor:	php	model:	php	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	7.4.15	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	7.3.27	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	8.0.2	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	7.3.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.5.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	-	version:	-	Trust: 0.8
vendor:	the php group	model:	php	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-003789 // NVD: CVE-2021-21702

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21702
value:	HIGH
Trust: 1.0
security@php.net:	CVE-2021-21702
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-21702
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202102-409
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-380106
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-21702
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21702
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380106
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21702
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
security@php.net:	CVE-2021-21702
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21702
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380106 // VULMON: CVE-2021-21702 // JVNDB: JVNDB-2021-003789 // CNNVD: CNNVD-202102-409 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-21702 // NVD: CVE-2021-21702

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.1
problemtype:	NULL Pointer dereference (CWE-476) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380106 // JVNDB: JVNDB-2021-003789 // NVD: CVE-2021-21702

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 163491 // PACKETSTORM: 163432 // CNNVD: CNNVD-202102-409

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202102-409

PATCH

title:	NTAP-20210312-0005 The PHP GroupPHP Bugs	url:	https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html	Trust: 0.8
title:	Arch Linux Advisories: [ASA-202102-14] php7: denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202102-14	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202102-15] php: denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202102-15	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202102-16] php: denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202102-16	Trust: 0.1
title:	Debian Security Advisories: DSA-4856-1 php7.3 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=02a4cb271948bb2c8ad70e07948c2253	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-21702 log	Trust: 0.1
title:	Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-14	Trust: 0.1

sources: VULMON: CVE-2021-21702 // JVNDB: JVNDB-2021-003789

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21702	Trust: 3.2
db:	TENABLE	id:	TNS-2021-14	Trust: 2.5
db:	PACKETSTORM	id:	164839	Trust: 0.8
db:	PACKETSTORM	id:	162799	Trust: 0.8
db:	PACKETSTORM	id:	163432	Trust: 0.8
db:	PACKETSTORM	id:	163491	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-003789	Trust: 0.8
db:	CNNVD	id:	CNNVD-202102-409	Trust: 0.7
db:	PACKETSTORM	id:	163727	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0704	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2366	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3787	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0956	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2608	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0651	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.6055	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2410	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2515	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0608	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0619	Trust: 0.6
db:	CS-HELP	id:	SB2021080321	Trust: 0.6
db:	CS-HELP	id:	SB2021052618	Trust: 0.6
db:	CS-HELP	id:	SB2021072292	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-380106	Trust: 0.1
db:	VULMON	id:	CVE-2021-21702	Trust: 0.1
db:	PACKETSTORM	id:	168990	Trust: 0.1

sources: VULHUB: VHN-380106 // VULMON: CVE-2021-21702 // JVNDB: JVNDB-2021-003789 // PACKETSTORM: 162799 // PACKETSTORM: 163491 // PACKETSTORM: 163432 // PACKETSTORM: 164839 // PACKETSTORM: 163727 // PACKETSTORM: 168990 // CNNVD: CNNVD-202102-409 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-21702

REFERENCES

url:	https://www.tenable.com/security/tns-2021-14	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21702	Trust: 2.0
url:	https://www.debian.org/security/2021/dsa-4856	Trust: 1.9
url:	https://security.gentoo.org/glsa/202105-23	Trust: 1.9
url:	https://security.netapp.com/advisory/ntap-20210312-0005/	Trust: 1.8
url:	https://bugs.php.net/bug.php?id=80672	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7071	Trust: 0.6
url:	https://vigilance.fr/vulnerability/php-null-pointer-dereference-via-soapclient-34488	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0608	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0619	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2608	Trust: 0.6
url:	https://packetstormsecurity.com/files/164839/red-hat-security-advisory-2021-4213-03.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072292	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2515	Trust: 0.6
url:	https://packetstormsecurity.com/files/163727/red-hat-security-advisory-2021-2992-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0956	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0704	Trust: 0.6
url:	https://packetstormsecurity.com/files/162799/gentoo-linux-security-advisory-202105-23.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0651	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3787	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2366	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2410	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.6055	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052618	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021080321	Trust: 0.6
url:	https://packetstormsecurity.com/files/163432/ubuntu-security-notice-usn-5006-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/163491/ubuntu-security-notice-usn-5006-2.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7068	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21705	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7069	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7070	Trust: 0.3
url:	https://ubuntu.com/security/notices/usn-5006-1	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21704	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-7070	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-7069	Trust: 0.2
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-21702	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-7071	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-7068	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/476.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://security.archlinux.org/asa-202102-14	Trust: 0.1
url:	https://security.archlinux.org/cve-2021-21702	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5006-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php7.4/7.4.16-1ubuntu2.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.8	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php7.4/7.4.9-1ubuntu1.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.5	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4213	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21705	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2992	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/php7.3	Trust: 0.1

CREDITS

Ubuntu

Trust: 0.2

sources: PACKETSTORM: 163491 // PACKETSTORM: 163432

SOURCES

db:	VULHUB	id:	VHN-380106
db:	VULMON	id:	CVE-2021-21702
db:	JVNDB	id:	JVNDB-2021-003789
db:	PACKETSTORM	id:	162799
db:	PACKETSTORM	id:	163491
db:	PACKETSTORM	id:	163432
db:	PACKETSTORM	id:	164839
db:	PACKETSTORM	id:	163727
db:	PACKETSTORM	id:	168990
db:	CNNVD	id:	CNNVD-202102-409
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-21702

LAST UPDATE DATE

2024-08-14T12:41:12.322000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380106	date:	2021-12-10T00:00:00
db:	VULMON	id:	CVE-2021-21702	date:	2021-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-003789	date:	2021-11-04T08:52:00
db:	CNNVD	id:	CNNVD-202102-409	date:	2022-11-22T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-21702	date:	2021-12-10T17:58:26.910

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380106	date:	2021-02-15T00:00:00
db:	VULMON	id:	CVE-2021-21702	date:	2021-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-003789	date:	2021-11-04T00:00:00
db:	PACKETSTORM	id:	162799	date:	2021-05-26T17:27:04
db:	PACKETSTORM	id:	163491	date:	2021-07-14T14:58:12
db:	PACKETSTORM	id:	163432	date:	2021-07-07T16:15:26
db:	PACKETSTORM	id:	164839	date:	2021-11-10T17:05:06
db:	PACKETSTORM	id:	163727	date:	2021-08-03T14:47:43
db:	PACKETSTORM	id:	168990	date:	2021-02-28T20:12:00
db:	CNNVD	id:	CNNVD-202102-409	date:	2021-02-04T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-21702	date:	2021-02-15T04:15:12.673