CVE-2021-21704

Updated: 2024-11-24 04:16:07.119074

Description:

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.


Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.3 |
| CVSS Version 3.x | MEDIUM | 5.9 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | php | 5.3.3 | 5.9 | MEDIUM | Released | CLSA-2021:1637673193 | 2022-05-05 12:02:23 | |
| CentOS 7 ELS | php | 5.4.16 | 5.9 | MEDIUM | Ignored | | 2024-01-21 08:36:31 | |
| CentOS 8.4 ELS | php | 7.4.6 | 5.9 | MEDIUM | Not Vulnerable | | 2022-02-04 02:37:33 | |
| CentOS 8.5 ELS | php | 7.4.19 | 5.9 | MEDIUM | Ignored | | 2022-02-10 08:36:20 | |
| CloudLinux 6 ELS | php | 5.3.3 | 5.9 | MEDIUM | Released | | 2021-12-24 07:40:09 | |
| Oracle Linux 6 ELS | php | 5.3.3 | 5.9 | MEDIUM | Not Vulnerable | | 2022-01-25 08:18:23 | |
| Ubuntu 16.04 ELS | php | 7.0.33 | 5.9 | MEDIUM | Released | CLSA-2021:1639681846 | 2021-12-24 07:40:09 | |
| Ubuntu 18.04 ELS | php | 7.2.24-0 | 5.9 | MEDIUM | Already Fixed | | 2023-07-04 17:06:50 | |