CVE Vulnerability

CVE-2021-21704

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

5.9 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugs.php.net/bug.php?id=76450 Exploit Issue Tracking
https://bugs.php.net/bug.php?id=76452 Exploit Issue Tracking
https://bugs.php.net/bug.php?id=76449 Exploit Issue Tracking
https://bugs.php.net/bug.php?id=76448 Exploit Issue Tracking
https://security.netapp.com/advisory/ntap-20211029-0006/ Third Party Advisory
https://security.gentoo.org/glsa/202209-20 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Information

Published : 2021-10-04 04:15

Updated : 2022-10-25 02:58

NVD link : CVE-2021-21704

Mitre link : CVE-2021-21704

Products Affected
No products.
CWE
CWE-787