Details of VAR-202110-1577

ID

VAR-202110-1577

CVE

CVE-2021-21703

TITLE

PHP Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014233

DESCRIPTION

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. PHP Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security issue was found in PHP prior to 8.0.12 and 7.4.25 in the PHP-FPM component. An out-of-bounds read/write in the root FPM at arbitrary locations using pointers located in the SHM can lead to a privilege escalation from www-data to root. ========================================================================= Ubuntu Security Notice USN-5125-1 October 27, 2021 php5, php7.0, php7.2, php7.4, php8.0 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: PHP-PFM in PHP could be made to run program as an administrator if it received specially crafted input. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: php8.0-fpm 8.0.8-1ubuntu0.1 Ubuntu 21.04: php7.4-fpm 7.4.16-1ubuntu2.2 Ubuntu 20.04 LTS: php7.4-fpm 7.4.3-4ubuntu2.7 Ubuntu 18.04 LTS: php7.2-fpm 7.2.24-0ubuntu0.18.04.10 Ubuntu 16.04 ESM: php7.0-fpm 7.0.33-0ubuntu0.16.04.16+esm2 Ubuntu 14.04 ESM: php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm15 In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: PHP: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #799776, #810526, #819510, #833585, #850772, #857054 ID: 202209-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. Background ========= PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/php < 7.4.30:7.4 >= 7.4.30:7.4 < 8.0.23:8.0 >= 8.0.23:8.0 < 8.1.8:8.1 >= 8.1.8:8.1 Description ========== Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All PHP 7.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/php-7.4.30:7.4" All PHP 8.0 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/php-8.0.23:8.0" All PHP 8.1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/php-8.1.8:8.1" References ========= [ 1 ] CVE-2021-21703 https://nvd.nist.gov/vuln/detail/CVE-2021-21703 [ 2 ] CVE-2021-21704 https://nvd.nist.gov/vuln/detail/CVE-2021-21704 [ 3 ] CVE-2021-21705 https://nvd.nist.gov/vuln/detail/CVE-2021-21705 [ 4 ] CVE-2021-21708 https://nvd.nist.gov/vuln/detail/CVE-2021-21708 [ 5 ] CVE-2022-31625 https://nvd.nist.gov/vuln/detail/CVE-2022-31625 [ 6 ] CVE-2022-31626 https://nvd.nist.gov/vuln/detail/CVE-2022-31626 [ 7 ] CVE-2022-31627 https://nvd.nist.gov/vuln/detail/CVE-2022-31627 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-php73-php security and bug fix update Advisory ID: RHSA-2022:5491-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:5491 Issue date: 2022-07-04 CVE Names: CVE-2021-21703 CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 ==================================================================== 1. Summary: An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * php: password of excessive length triggers buffer overflow leading to RCE (CVE-2022-31626) * php: Local privilege escalation via PHP-FPM (CVE-2021-21703) * php: special character breaks path in xml parsing (CVE-2021-21707) * php: uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * rh-php73: rebase to 7.3.33 (BZ#2100753) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2016535 - CVE-2021-21703 php: Local privilege escalation via PHP-FPM 2026045 - CVE-2021-21707 php: special character breaks path in xml parsing 2098521 - CVE-2022-31625 php: uninitialized array in pg_query_params() leading to RCE 2098523 - CVE-2022-31626 php: password of excessive length triggers buffer overflow leading to RCE 2100753 - rh-php73: rebase to 7.3.33 [rhscl-3.8.z] 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-php73-php-7.3.33-1.el7.src.rpm ppc64le: rh-php73-php-7.3.33-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.33-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.33-1.el7.ppc64le.rpm rh-php73-php-common-7.3.33-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.33-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.33-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.33-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.33-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.33-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.33-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.33-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.33-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.33-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.33-1.el7.ppc64le.rpm rh-php73-php-json-7.3.33-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.33-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.33-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.33-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.33-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.33-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.33-1.el7.ppc64le.rpm rh-php73-php-process-7.3.33-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.33-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.33-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.33-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.33-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.33-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.33-1.el7.ppc64le.rpm s390x: rh-php73-php-7.3.33-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.33-1.el7.s390x.rpm rh-php73-php-cli-7.3.33-1.el7.s390x.rpm rh-php73-php-common-7.3.33-1.el7.s390x.rpm rh-php73-php-dba-7.3.33-1.el7.s390x.rpm rh-php73-php-dbg-7.3.33-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.33-1.el7.s390x.rpm rh-php73-php-devel-7.3.33-1.el7.s390x.rpm rh-php73-php-embedded-7.3.33-1.el7.s390x.rpm rh-php73-php-enchant-7.3.33-1.el7.s390x.rpm rh-php73-php-fpm-7.3.33-1.el7.s390x.rpm rh-php73-php-gd-7.3.33-1.el7.s390x.rpm rh-php73-php-gmp-7.3.33-1.el7.s390x.rpm rh-php73-php-intl-7.3.33-1.el7.s390x.rpm rh-php73-php-json-7.3.33-1.el7.s390x.rpm rh-php73-php-ldap-7.3.33-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.33-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.s390x.rpm rh-php73-php-odbc-7.3.33-1.el7.s390x.rpm rh-php73-php-opcache-7.3.33-1.el7.s390x.rpm rh-php73-php-pdo-7.3.33-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.33-1.el7.s390x.rpm rh-php73-php-process-7.3.33-1.el7.s390x.rpm rh-php73-php-pspell-7.3.33-1.el7.s390x.rpm rh-php73-php-recode-7.3.33-1.el7.s390x.rpm rh-php73-php-snmp-7.3.33-1.el7.s390x.rpm rh-php73-php-soap-7.3.33-1.el7.s390x.rpm rh-php73-php-xml-7.3.33-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.s390x.rpm rh-php73-php-zip-7.3.33-1.el7.s390x.rpm x86_64: rh-php73-php-7.3.33-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm rh-php73-php-cli-7.3.33-1.el7.x86_64.rpm rh-php73-php-common-7.3.33-1.el7.x86_64.rpm rh-php73-php-dba-7.3.33-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm rh-php73-php-devel-7.3.33-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm rh-php73-php-gd-7.3.33-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-intl-7.3.33-1.el7.x86_64.rpm rh-php73-php-json-7.3.33-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm rh-php73-php-process-7.3.33-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm rh-php73-php-recode-7.3.33-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-soap-7.3.33-1.el7.x86_64.rpm rh-php73-php-xml-7.3.33-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm rh-php73-php-zip-7.3.33-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-php73-php-7.3.33-1.el7.src.rpm x86_64: rh-php73-php-7.3.33-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm rh-php73-php-cli-7.3.33-1.el7.x86_64.rpm rh-php73-php-common-7.3.33-1.el7.x86_64.rpm rh-php73-php-dba-7.3.33-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm rh-php73-php-devel-7.3.33-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm rh-php73-php-gd-7.3.33-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-intl-7.3.33-1.el7.x86_64.rpm rh-php73-php-json-7.3.33-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm rh-php73-php-process-7.3.33-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm rh-php73-php-recode-7.3.33-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-soap-7.3.33-1.el7.x86_64.rpm rh-php73-php-xml-7.3.33-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm rh-php73-php-zip-7.3.33-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-21703 https://access.redhat.com/security/cve/CVE-2021-21707 https://access.redhat.com/security/cve/CVE-2022-31625 https://access.redhat.com/security/cve/CVE-2022-31626 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYsLehtzjgjWX9erEAQiwyQ/+PV7nIzWZKjc+4JLfk/tF6u19j7lmxgo/ rXR/9UyeBFTas8Nd+19Q2xgJdEDheHED74zskj6lsMW8V8v7DEwP3QfbBrmsWAKl HMahWfYEh6ZhpNMAxR1bc+z243unsHXb94b2Ed7oTNFewRxdkga1K+uhhvewfYaw +yycxRapynaD0SUqtP6KDFirpX14iobazHynhVbiE1KMAv9pIkYlCLJmktnR18Pp 8UFEyGO05tovQqe38+9oVAFxnfq7f/NTmrIJAOuYcS5Lu0B9g4yMrWWiL4XjmL3U YWHhPm5dSRWXaKGF2JtCsQ7kShFcHj7pXnBQsoRT3GYimuYuZnR9fd3p6i1EUU6c 6oE8Uu5D2dH1iEdYtewohgTGYkUz/IBT+f0d9Z6k0aQdroOGgczjBm8nc7pV580G 3ksyFzk58rOyPDlslrF0OtN2Xdq3Vn2InS/EJeT6d1v0OMMn8Voezg7jE28jT/qx 5tDKv98T4qD+IiurXBr/PFEFkZxMzKFOo6MVtkIpLuJjPf2Guy/8vO6KjUiR0ANE GLtzbThZrV6js/vurZr0oc7h+UdgcgVm69XlcUVi7rHij7WC0UOlbF0pYM+b805c HU8AYV8+9FxSB88w49p2eg1iIn0CNfKi2YQL2Gyr4T9L09Eiuf/y/HrgwLg66t4X 4AC7K4v+QQw=KI2M -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . For the oldstable distribution (buster), this problem has been fixed in version 7.3.31-1~deb10u1. We recommend that you upgrade your php7.3 packages. For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmF3EohfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QTzBAAgt5HqxH7k7LMTK1tnwY2HXoNB9avYOwLrZbuox+D6hU9RO0en+3phMK1 2rwREhAwwvbt2SuqmGOnxnLHfpvuS31ufHmLaiGVsGPJL3qAy3t/w3DZ1euZf60A MLbHuLElmA6PuPnsnQbzNb28PfTFjkYt2u0nRSU4R1Te78mZg4tw/IlrCUAeHOUJ /7AuTpv7zTCP765YqEgqJfg5lL+NhsAxrZ//6Zx7hDvqb1VIc3vHKpC/DJWP56XS YVmGILhEZIY33ixGdQR6/uW0VrvW0AELzveVpiOZVZcGYJH2j2V2xW7cTcPZXiyO hBbnBDHPi+PyH8I461J9RLw/8dJpU6zn+I2w5RSmMhVk+swjkBTiBLbyeOfp5mBS 7wCPyEBUYGD6AiWG96qfpn2/ACHyY+ndrMWabtCfgRGkwcb2kqRhQ4Ai3nYSZm1l 3XDdNIg+Ywtf7NRwblBVlvJ4egy8tj0ERB9wigd2av1buHl6Ji6xRvePYHShm6xi C02qTL7cFfKmTxfk0HdwtUu0zYc9qKZb9VAcPwiwqTbgWXWbnTLivBoIJ1iubQsU kOpzH41nt7vlmaFb6Q5HCGNdrwIQ3CwavFdnIfF7YCV9tN7qJwI61KsBcGM6l5hW 1oCvUbEyeaaVNl2REsDNqtzJE154Prd//3pwShMNHlHcxwf+LV8= =1d/J -----END PGP SIGNATURE----- . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section

Trust: 2.34

sources: NVD: CVE-2021-21703 // JVNDB: JVNDB-2021-014233 // VULHUB: VHN-380107 // VULMON: CVE-2021-21703 // PACKETSTORM: 164698 // PACKETSTORM: 168579 // PACKETSTORM: 167696 // PACKETSTORM: 169134 // PACKETSTORM: 167076 // PACKETSTORM: 169145

AFFECTED PRODUCTS

vendor:	php	model:	php	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.5.0.2	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	8.0.12	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	7.3.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0.0	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	7.4.25	Trust: 1.0
vendor:	php	model:	php	scope:	lte	version:	7.3.31	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	netapp	model:	clustered data ontap antivirus connector	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle communications diameter signaling router	scope:	-	version:	-	Trust: 0.8
vendor:	the php group	model:	php	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014233 // NVD: CVE-2021-21703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21703
value:	HIGH
Trust: 1.0
security@php.net:	CVE-2021-21703
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-21703
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202110-1514
value:	HIGH
Trust: 0.6
VULHUB:	VHN-380107
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-21703
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21703
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380107
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21703
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.1
Trust: 1.0
security@php.net:	CVE-2021-21703
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.1
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21703
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380107 // VULMON: CVE-2021-21703 // JVNDB: JVNDB-2021-014233 // CNNVD: CNNVD-202110-1514 // NVD: CVE-2021-21703 // NVD: CVE-2021-21703

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-284	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380107 // JVNDB: JVNDB-2021-014233 // NVD: CVE-2021-21703

THREAT TYPE

local

Trust: 0.9

sources: PACKETSTORM: 168579 // PACKETSTORM: 169134 // PACKETSTORM: 169145 // CNNVD: CNNVD-202110-1514

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202110-1514

PATCH

title:	Oracle Critical Patch Update Advisory - April 2022 Oracle Critical Patch Update	url:	https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html	Trust: 0.8
title:	PHP Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=167359	Trust: 0.6
title:	Debian CVElist Bug Report Logs: php: CVE-2021-21703	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=367f4c4a333e1f2558606fc0c7ade7c4	Trust: 0.1
title:	Debian Security Advisories: DSA-4993-1 php7.3 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=3bb2d2714d0d0b836ca271ce2aa4d17c	Trust: 0.1
title:	Debian Security Advisories: DSA-4992-1 php7.4 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a0d33242f30774b0a2380ec202d367da	Trust: 0.1
title:	Red Hat: Important: rh-php73-php security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225491 - Security Advisory	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-21703 log	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2021-21703	Trust: 0.1
title:	-	url:	https://github.com/Henzau/WEB-NMAP	Trust: 0.1

sources: VULMON: CVE-2021-21703 // JVNDB: JVNDB-2021-014233 // CNNVD: CNNVD-202110-1514

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21703	Trust: 4.0
db:	OPENWALL	id:	OSS-SECURITY/2021/10/26/7	Trust: 2.6
db:	PACKETSTORM	id:	164698	Trust: 0.8
db:	PACKETSTORM	id:	167696	Trust: 0.8
db:	PACKETSTORM	id:	167076	Trust: 0.8
db:	PACKETSTORM	id:	168579	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-014233	Trust: 0.8
db:	CS-HELP	id:	SB2022051153	Trust: 0.6
db:	CS-HELP	id:	SB2022012745	Trust: 0.6
db:	CS-HELP	id:	SB2021102719	Trust: 0.6
db:	CS-HELP	id:	SB2021102621	Trust: 0.6
db:	CS-HELP	id:	SB2022070644	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4126	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3963	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3540	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.6055	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0898	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3253	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3601	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-1514	Trust: 0.6
db:	VULHUB	id:	VHN-380107	Trust: 0.1
db:	VULMON	id:	CVE-2021-21703	Trust: 0.1
db:	PACKETSTORM	id:	169134	Trust: 0.1
db:	PACKETSTORM	id:	169145	Trust: 0.1

sources: VULHUB: VHN-380107 // VULMON: CVE-2021-21703 // JVNDB: JVNDB-2021-014233 // PACKETSTORM: 164698 // PACKETSTORM: 168579 // PACKETSTORM: 167696 // PACKETSTORM: 169134 // PACKETSTORM: 167076 // PACKETSTORM: 169145 // CNNVD: CNNVD-202110-1514 // NVD: CVE-2021-21703

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2021/10/26/7	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21703	Trust: 2.0
url:	https://www.debian.org/security/2021/dsa-4993	Trust: 1.9
url:	https://security.gentoo.org/glsa/202209-20	Trust: 1.9
url:	https://security.netapp.com/advisory/ntap-20211118-0003/	Trust: 1.8
url:	https://www.debian.org/security/2021/dsa-4992	Trust: 1.8
url:	https://bugs.php.net/bug.php?id=81026	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html	Trust: 1.8
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6pzvliczujmxogwouwsbaegivtf6y6v3/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jo5ra6yobgggklia6f6bqrzddecf5l3r/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pbm3kkb3ry2ypoknmc4hih7ih3t3wc74/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6pzvliczujmxogwouwsbaegivtf6y6v3/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pbm3kkb3ry2ypoknmc4hih7ih3t3wc74/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jo5ra6yobgggklia6f6bqrzddecf5l3r/	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2021-21703	Trust: 0.8
url:	https://packetstormsecurity.com/files/168579/gentoo-linux-security-advisory-202209-20.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/164698/ubuntu-security-notice-usn-5125-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167696/red-hat-security-advisory-2022-5491-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167076/red-hat-security-advisory-2022-1935-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3601	Trust: 0.6
url:	https://vigilance.fr/vulnerability/php-read-write-access-via-fpm-36691	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3540	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4126	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3963	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012745	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021102719	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051153	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.6055	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3253	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021102621	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0898	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070644	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31625	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31626	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21705	Trust: 0.2
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://www.debian.org/security/faq	Trust: 0.2
url:	https://www.debian.org/security/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2021-21703	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997003	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://security.archlinux.org/cve-2021-21703	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5125-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.7	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php7.4/7.4.16-1ubuntu2.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.10	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/php8.0/8.0.8-1ubuntu0.1	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31627	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21704	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21708	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-31626	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21707	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:5491	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-31625	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21707	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/php7.3	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21705	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1935	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/php7.4	Trust: 0.1

CREDITS

Red Hat

Trust: 0.2

sources: PACKETSTORM: 167696 // PACKETSTORM: 167076

SOURCES

db:	VULHUB	id:	VHN-380107
db:	VULMON	id:	CVE-2021-21703
db:	JVNDB	id:	JVNDB-2021-014233
db:	PACKETSTORM	id:	164698
db:	PACKETSTORM	id:	168579
db:	PACKETSTORM	id:	167696
db:	PACKETSTORM	id:	169134
db:	PACKETSTORM	id:	167076
db:	PACKETSTORM	id:	169145
db:	CNNVD	id:	CNNVD-202110-1514
db:	NVD	id:	CVE-2021-21703

LAST UPDATE DATE

2024-08-14T12:36:48.800000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380107	date:	2022-10-29T00:00:00
db:	VULMON	id:	CVE-2021-21703	date:	2022-10-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-014233	date:	2022-10-11T06:21:00
db:	CNNVD	id:	CNNVD-202110-1514	date:	2022-11-22T00:00:00
db:	NVD	id:	CVE-2021-21703	date:	2023-11-07T03:30:04.983

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380107	date:	2021-10-25T00:00:00
db:	VULMON	id:	CVE-2021-21703	date:	2021-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-014233	date:	2022-10-11T00:00:00
db:	PACKETSTORM	id:	164698	date:	2021-10-28T15:06:10
db:	PACKETSTORM	id:	168579	date:	2022-09-30T14:56:50
db:	PACKETSTORM	id:	167696	date:	2022-07-04T14:32:27
db:	PACKETSTORM	id:	169134	date:	2021-10-28T19:12:00
db:	PACKETSTORM	id:	167076	date:	2022-05-11T16:41:14
db:	PACKETSTORM	id:	169145	date:	2021-10-28T19:12:00
db:	CNNVD	id:	CNNVD-202110-1514	date:	2021-10-20T00:00:00
db:	NVD	id:	CVE-2021-21703	date:	2021-10-25T06:15:06.563