ID

VAR-202110-1577


CVE

CVE-2021-21703


TITLE

PHP  Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014233

DESCRIPTION

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. PHP Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security issue was found in PHP prior to 8.0.12 and 7.4.25 in the PHP-FPM component. An out-of-bounds read/write in the root FPM at arbitrary locations using pointers located in the SHM can lead to a privilege escalation from www-data to root. ========================================================================= Ubuntu Security Notice USN-5125-1 October 27, 2021 php5, php7.0, php7.2, php7.4, php8.0 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: PHP-PFM in PHP could be made to run program as an administrator if it received specially crafted input. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: php8.0-fpm 8.0.8-1ubuntu0.1 Ubuntu 21.04: php7.4-fpm 7.4.16-1ubuntu2.2 Ubuntu 20.04 LTS: php7.4-fpm 7.4.3-4ubuntu2.7 Ubuntu 18.04 LTS: php7.2-fpm 7.2.24-0ubuntu0.18.04.10 Ubuntu 16.04 ESM: php7.0-fpm 7.0.33-0ubuntu0.16.04.16+esm2 Ubuntu 14.04 ESM: php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm15 In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: PHP: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #799776, #810526, #819510, #833585, #850772, #857054 ID: 202209-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. Background ========= PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/php < 7.4.30:7.4 >= 7.4.30:7.4 < 8.0.23:8.0 >= 8.0.23:8.0 < 8.1.8:8.1 >= 8.1.8:8.1 Description ========== Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All PHP 7.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/php-7.4.30:7.4" All PHP 8.0 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/php-8.0.23:8.0" All PHP 8.1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/php-8.1.8:8.1" References ========= [ 1 ] CVE-2021-21703 https://nvd.nist.gov/vuln/detail/CVE-2021-21703 [ 2 ] CVE-2021-21704 https://nvd.nist.gov/vuln/detail/CVE-2021-21704 [ 3 ] CVE-2021-21705 https://nvd.nist.gov/vuln/detail/CVE-2021-21705 [ 4 ] CVE-2021-21708 https://nvd.nist.gov/vuln/detail/CVE-2021-21708 [ 5 ] CVE-2022-31625 https://nvd.nist.gov/vuln/detail/CVE-2022-31625 [ 6 ] CVE-2022-31626 https://nvd.nist.gov/vuln/detail/CVE-2022-31626 [ 7 ] CVE-2022-31627 https://nvd.nist.gov/vuln/detail/CVE-2022-31627 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-php73-php security and bug fix update Advisory ID: RHSA-2022:5491-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:5491 Issue date: 2022-07-04 CVE Names: CVE-2021-21703 CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 ==================================================================== 1. Summary: An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * php: password of excessive length triggers buffer overflow leading to RCE (CVE-2022-31626) * php: Local privilege escalation via PHP-FPM (CVE-2021-21703) * php: special character breaks path in xml parsing (CVE-2021-21707) * php: uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * rh-php73: rebase to 7.3.33 (BZ#2100753) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2016535 - CVE-2021-21703 php: Local privilege escalation via PHP-FPM 2026045 - CVE-2021-21707 php: special character breaks path in xml parsing 2098521 - CVE-2022-31625 php: uninitialized array in pg_query_params() leading to RCE 2098523 - CVE-2022-31626 php: password of excessive length triggers buffer overflow leading to RCE 2100753 - rh-php73: rebase to 7.3.33 [rhscl-3.8.z] 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php73-php-7.3.33-1.el7.src.rpm ppc64le: rh-php73-php-7.3.33-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.33-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.33-1.el7.ppc64le.rpm rh-php73-php-common-7.3.33-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.33-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.33-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.33-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.33-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.33-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.33-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.33-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.33-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.33-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.33-1.el7.ppc64le.rpm rh-php73-php-json-7.3.33-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.33-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.33-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.33-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.33-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.33-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.33-1.el7.ppc64le.rpm rh-php73-php-process-7.3.33-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.33-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.33-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.33-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.33-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.33-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.33-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.33-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.33-1.el7.s390x.rpm rh-php73-php-cli-7.3.33-1.el7.s390x.rpm rh-php73-php-common-7.3.33-1.el7.s390x.rpm rh-php73-php-dba-7.3.33-1.el7.s390x.rpm rh-php73-php-dbg-7.3.33-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.33-1.el7.s390x.rpm rh-php73-php-devel-7.3.33-1.el7.s390x.rpm rh-php73-php-embedded-7.3.33-1.el7.s390x.rpm rh-php73-php-enchant-7.3.33-1.el7.s390x.rpm rh-php73-php-fpm-7.3.33-1.el7.s390x.rpm rh-php73-php-gd-7.3.33-1.el7.s390x.rpm rh-php73-php-gmp-7.3.33-1.el7.s390x.rpm rh-php73-php-intl-7.3.33-1.el7.s390x.rpm rh-php73-php-json-7.3.33-1.el7.s390x.rpm rh-php73-php-ldap-7.3.33-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.33-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.s390x.rpm rh-php73-php-odbc-7.3.33-1.el7.s390x.rpm rh-php73-php-opcache-7.3.33-1.el7.s390x.rpm rh-php73-php-pdo-7.3.33-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.33-1.el7.s390x.rpm rh-php73-php-process-7.3.33-1.el7.s390x.rpm rh-php73-php-pspell-7.3.33-1.el7.s390x.rpm rh-php73-php-recode-7.3.33-1.el7.s390x.rpm rh-php73-php-snmp-7.3.33-1.el7.s390x.rpm rh-php73-php-soap-7.3.33-1.el7.s390x.rpm rh-php73-php-xml-7.3.33-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.s390x.rpm rh-php73-php-zip-7.3.33-1.el7.s390x.rpm x86_64: rh-php73-php-7.3.33-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm rh-php73-php-cli-7.3.33-1.el7.x86_64.rpm rh-php73-php-common-7.3.33-1.el7.x86_64.rpm rh-php73-php-dba-7.3.33-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm rh-php73-php-devel-7.3.33-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm rh-php73-php-gd-7.3.33-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-intl-7.3.33-1.el7.x86_64.rpm rh-php73-php-json-7.3.33-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm rh-php73-php-process-7.3.33-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm rh-php73-php-recode-7.3.33-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-soap-7.3.33-1.el7.x86_64.rpm rh-php73-php-xml-7.3.33-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm rh-php73-php-zip-7.3.33-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php73-php-7.3.33-1.el7.src.rpm x86_64: rh-php73-php-7.3.33-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm rh-php73-php-cli-7.3.33-1.el7.x86_64.rpm rh-php73-php-common-7.3.33-1.el7.x86_64.rpm rh-php73-php-dba-7.3.33-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm rh-php73-php-devel-7.3.33-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm rh-php73-php-gd-7.3.33-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-intl-7.3.33-1.el7.x86_64.rpm rh-php73-php-json-7.3.33-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm rh-php73-php-process-7.3.33-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm rh-php73-php-recode-7.3.33-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-soap-7.3.33-1.el7.x86_64.rpm rh-php73-php-xml-7.3.33-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm rh-php73-php-zip-7.3.33-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-21703 https://access.redhat.com/security/cve/CVE-2021-21707 https://access.redhat.com/security/cve/CVE-2022-31625 https://access.redhat.com/security/cve/CVE-2022-31626 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYsLehtzjgjWX9erEAQiwyQ/+PV7nIzWZKjc+4JLfk/tF6u19j7lmxgo/ rXR/9UyeBFTas8Nd+19Q2xgJdEDheHED74zskj6lsMW8V8v7DEwP3QfbBrmsWAKl HMahWfYEh6ZhpNMAxR1bc+z243unsHXb94b2Ed7oTNFewRxdkga1K+uhhvewfYaw +yycxRapynaD0SUqtP6KDFirpX14iobazHynhVbiE1KMAv9pIkYlCLJmktnR18Pp 8UFEyGO05tovQqe38+9oVAFxnfq7f/NTmrIJAOuYcS5Lu0B9g4yMrWWiL4XjmL3U YWHhPm5dSRWXaKGF2JtCsQ7kShFcHj7pXnBQsoRT3GYimuYuZnR9fd3p6i1EUU6c 6oE8Uu5D2dH1iEdYtewohgTGYkUz/IBT+f0d9Z6k0aQdroOGgczjBm8nc7pV580G 3ksyFzk58rOyPDlslrF0OtN2Xdq3Vn2InS/EJeT6d1v0OMMn8Voezg7jE28jT/qx 5tDKv98T4qD+IiurXBr/PFEFkZxMzKFOo6MVtkIpLuJjPf2Guy/8vO6KjUiR0ANE GLtzbThZrV6js/vurZr0oc7h+UdgcgVm69XlcUVi7rHij7WC0UOlbF0pYM+b805c HU8AYV8+9FxSB88w49p2eg1iIn0CNfKi2YQL2Gyr4T9L09Eiuf/y/HrgwLg66t4X 4AC7K4v+QQw=KI2M -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . For the oldstable distribution (buster), this problem has been fixed in version 7.3.31-1~deb10u1. We recommend that you upgrade your php7.3 packages. For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmF3EohfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QTzBAAgt5HqxH7k7LMTK1tnwY2HXoNB9avYOwLrZbuox+D6hU9RO0en+3phMK1 2rwREhAwwvbt2SuqmGOnxnLHfpvuS31ufHmLaiGVsGPJL3qAy3t/w3DZ1euZf60A MLbHuLElmA6PuPnsnQbzNb28PfTFjkYt2u0nRSU4R1Te78mZg4tw/IlrCUAeHOUJ /7AuTpv7zTCP765YqEgqJfg5lL+NhsAxrZ//6Zx7hDvqb1VIc3vHKpC/DJWP56XS YVmGILhEZIY33ixGdQR6/uW0VrvW0AELzveVpiOZVZcGYJH2j2V2xW7cTcPZXiyO hBbnBDHPi+PyH8I461J9RLw/8dJpU6zn+I2w5RSmMhVk+swjkBTiBLbyeOfp5mBS 7wCPyEBUYGD6AiWG96qfpn2/ACHyY+ndrMWabtCfgRGkwcb2kqRhQ4Ai3nYSZm1l 3XDdNIg+Ywtf7NRwblBVlvJ4egy8tj0ERB9wigd2av1buHl6Ji6xRvePYHShm6xi C02qTL7cFfKmTxfk0HdwtUu0zYc9qKZb9VAcPwiwqTbgWXWbnTLivBoIJ1iubQsU kOpzH41nt7vlmaFb6Q5HCGNdrwIQ3CwavFdnIfF7YCV9tN7qJwI61KsBcGM6l5hW 1oCvUbEyeaaVNl2REsDNqtzJE154Prd//3pwShMNHlHcxwf+LV8= =1d/J -----END PGP SIGNATURE----- . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section

Trust: 2.34

sources: NVD: CVE-2021-21703 // JVNDB: JVNDB-2021-014233 // VULHUB: VHN-380107 // VULMON: CVE-2021-21703 // PACKETSTORM: 164698 // PACKETSTORM: 168579 // PACKETSTORM: 167696 // PACKETSTORM: 169134 // PACKETSTORM: 167076 // PACKETSTORM: 169145

AFFECTED PRODUCTS

vendor:phpmodel:phpscope:gteversion:8.0.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.5.0.2

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:7.4.0

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:8.0.12

Trust: 1.0

vendor:phpmodel:phpscope:gteversion:7.3.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0.0

Trust: 1.0

vendor:phpmodel:phpscope:ltversion:7.4.25

Trust: 1.0

vendor:phpmodel:phpscope:lteversion:7.3.31

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:netappmodel:clustered data ontap antivirus connectorscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications diameter signaling routerscope: - version: -

Trust: 0.8

vendor:the php groupmodel:phpscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014233 // NVD: CVE-2021-21703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21703
value: HIGH

Trust: 1.0

security@php.net: CVE-2021-21703
value: HIGH

Trust: 1.0

NVD: CVE-2021-21703
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202110-1514
value: HIGH

Trust: 0.6

VULHUB: VHN-380107
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-21703
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21703
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-380107
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21703
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

security@php.net: CVE-2021-21703
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.1
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-21703
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380107 // VULMON: CVE-2021-21703 // JVNDB: JVNDB-2021-014233 // CNNVD: CNNVD-202110-1514 // NVD: CVE-2021-21703 // NVD: CVE-2021-21703

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-284

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-380107 // JVNDB: JVNDB-2021-014233 // NVD: CVE-2021-21703

THREAT TYPE

local

Trust: 0.9

sources: PACKETSTORM: 168579 // PACKETSTORM: 169134 // PACKETSTORM: 169145 // CNNVD: CNNVD-202110-1514

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202110-1514

PATCH

title:Oracle Critical Patch Update Advisory - April 2022 Oracle Critical Patch Updateurl:https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html

Trust: 0.8

title:PHP Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=167359

Trust: 0.6

title:Debian CVElist Bug Report Logs: php: CVE-2021-21703url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=367f4c4a333e1f2558606fc0c7ade7c4

Trust: 0.1

title:Debian Security Advisories: DSA-4993-1 php7.3 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=3bb2d2714d0d0b836ca271ce2aa4d17c

Trust: 0.1

title:Debian Security Advisories: DSA-4992-1 php7.4 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a0d33242f30774b0a2380ec202d367da

Trust: 0.1

title:Red Hat: Important: rh-php73-php security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225491 - Security Advisory

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-21703 log

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2021-21703

Trust: 0.1

title: - url:https://github.com/Henzau/WEB-NMAP

Trust: 0.1

sources: VULMON: CVE-2021-21703 // JVNDB: JVNDB-2021-014233 // CNNVD: CNNVD-202110-1514

EXTERNAL IDS

db:NVDid:CVE-2021-21703

Trust: 4.0

db:OPENWALLid:OSS-SECURITY/2021/10/26/7

Trust: 2.6

db:PACKETSTORMid:164698

Trust: 0.8

db:PACKETSTORMid:167696

Trust: 0.8

db:PACKETSTORMid:167076

Trust: 0.8

db:PACKETSTORMid:168579

Trust: 0.8

db:JVNDBid:JVNDB-2021-014233

Trust: 0.8

db:CS-HELPid:SB2022051153

Trust: 0.6

db:CS-HELPid:SB2022012745

Trust: 0.6

db:CS-HELPid:SB2021102719

Trust: 0.6

db:CS-HELPid:SB2021102621

Trust: 0.6

db:CS-HELPid:SB2022070644

Trust: 0.6

db:AUSCERTid:ESB-2021.4126

Trust: 0.6

db:AUSCERTid:ESB-2021.3963

Trust: 0.6

db:AUSCERTid:ESB-2021.3540

Trust: 0.6

db:AUSCERTid:ESB-2022.6055

Trust: 0.6

db:AUSCERTid:ESB-2022.0898

Trust: 0.6

db:AUSCERTid:ESB-2022.3253

Trust: 0.6

db:AUSCERTid:ESB-2021.3601

Trust: 0.6

db:CNNVDid:CNNVD-202110-1514

Trust: 0.6

db:VULHUBid:VHN-380107

Trust: 0.1

db:VULMONid:CVE-2021-21703

Trust: 0.1

db:PACKETSTORMid:169134

Trust: 0.1

db:PACKETSTORMid:169145

Trust: 0.1

sources: VULHUB: VHN-380107 // VULMON: CVE-2021-21703 // JVNDB: JVNDB-2021-014233 // PACKETSTORM: 164698 // PACKETSTORM: 168579 // PACKETSTORM: 167696 // PACKETSTORM: 169134 // PACKETSTORM: 167076 // PACKETSTORM: 169145 // CNNVD: CNNVD-202110-1514 // NVD: CVE-2021-21703

REFERENCES

url:http://www.openwall.com/lists/oss-security/2021/10/26/7

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-21703

Trust: 2.0

url:https://www.debian.org/security/2021/dsa-4993

Trust: 1.9

url:https://security.gentoo.org/glsa/202209-20

Trust: 1.9

url:https://security.netapp.com/advisory/ntap-20211118-0003/

Trust: 1.8

url:https://www.debian.org/security/2021/dsa-4992

Trust: 1.8

url:https://bugs.php.net/bug.php?id=81026

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html

Trust: 1.8

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6pzvliczujmxogwouwsbaegivtf6y6v3/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jo5ra6yobgggklia6f6bqrzddecf5l3r/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pbm3kkb3ry2ypoknmc4hih7ih3t3wc74/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6pzvliczujmxogwouwsbaegivtf6y6v3/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pbm3kkb3ry2ypoknmc4hih7ih3t3wc74/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jo5ra6yobgggklia6f6bqrzddecf5l3r/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2021-21703

Trust: 0.8

url:https://packetstormsecurity.com/files/168579/gentoo-linux-security-advisory-202209-20.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164698/ubuntu-security-notice-usn-5125-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/167696/red-hat-security-advisory-2022-5491-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/167076/red-hat-security-advisory-2022-1935-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3601

Trust: 0.6

url:https://vigilance.fr/vulnerability/php-read-write-access-via-fpm-36691

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3540

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4126

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3963

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012745

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021102719

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051153

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6055

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3253

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021102621

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0898

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070644

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-31625

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-31626

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-21705

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://www.debian.org/security/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2021-21703

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997003

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://security.archlinux.org/cve-2021-21703

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5125-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.7

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php7.4/7.4.16-1ubuntu2.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.10

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/php8.0/8.0.8-1ubuntu0.1

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-31627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21704

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21708

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31626

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21707

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5491

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31625

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21707

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://security-tracker.debian.org/tracker/php7.3

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21705

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1935

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://security-tracker.debian.org/tracker/php7.4

Trust: 0.1

sources: VULHUB: VHN-380107 // VULMON: CVE-2021-21703 // JVNDB: JVNDB-2021-014233 // PACKETSTORM: 164698 // PACKETSTORM: 168579 // PACKETSTORM: 167696 // PACKETSTORM: 169134 // PACKETSTORM: 167076 // PACKETSTORM: 169145 // CNNVD: CNNVD-202110-1514 // NVD: CVE-2021-21703

CREDITS

Red Hat

Trust: 0.2

sources: PACKETSTORM: 167696 // PACKETSTORM: 167076

SOURCES

db:VULHUBid:VHN-380107
db:VULMONid:CVE-2021-21703
db:JVNDBid:JVNDB-2021-014233
db:PACKETSTORMid:164698
db:PACKETSTORMid:168579
db:PACKETSTORMid:167696
db:PACKETSTORMid:169134
db:PACKETSTORMid:167076
db:PACKETSTORMid:169145
db:CNNVDid:CNNVD-202110-1514
db:NVDid:CVE-2021-21703

LAST UPDATE DATE

2024-08-14T12:36:48.800000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380107date:2022-10-29T00:00:00
db:VULMONid:CVE-2021-21703date:2022-10-29T00:00:00
db:JVNDBid:JVNDB-2021-014233date:2022-10-11T06:21:00
db:CNNVDid:CNNVD-202110-1514date:2022-11-22T00:00:00
db:NVDid:CVE-2021-21703date:2023-11-07T03:30:04.983

SOURCES RELEASE DATE

db:VULHUBid:VHN-380107date:2021-10-25T00:00:00
db:VULMONid:CVE-2021-21703date:2021-10-25T00:00:00
db:JVNDBid:JVNDB-2021-014233date:2022-10-11T00:00:00
db:PACKETSTORMid:164698date:2021-10-28T15:06:10
db:PACKETSTORMid:168579date:2022-09-30T14:56:50
db:PACKETSTORMid:167696date:2022-07-04T14:32:27
db:PACKETSTORMid:169134date:2021-10-28T19:12:00
db:PACKETSTORMid:167076date:2022-05-11T16:41:14
db:PACKETSTORMid:169145date:2021-10-28T19:12:00
db:CNNVDid:CNNVD-202110-1514date:2021-10-20T00:00:00
db:NVDid:CVE-2021-21703date:2021-10-25T06:15:06.563