CVE-2021-21708

Updated: 2024-11-23 02:20:26.152929

Description:

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 6.8
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2022-07-18 11:44:30
CentOS 7 ELS php 5.4.16 9.8 CRITICAL Not Vulnerable 2024-01-22 08:40:42
CentOS 8.4 ELS php 7.4.6 9.8 CRITICAL Released CLSA-2022:1647550779 2022-04-18 15:53:22
CentOS 8.5 ELS php 7.4.19 9.8 CRITICAL Released CLSA-2022:1647550845 2022-04-18 15:53:23
CloudLinux 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2022-07-18 11:44:29
Oracle Linux 6 ELS php 5.3.3 9.8 CRITICAL Not Vulnerable 2022-07-18 11:44:29
Ubuntu 16.04 ELS php 7.0.33 9.8 CRITICAL Not Vulnerable 2022-07-18 11:44:29
Ubuntu 18.04 ELS php 7.2.24-0 9.8 CRITICAL Not Vulnerable 2023-05-30 08:57:32