ghsa-q773-v75g-5rqg
Vulnerability from github
Published
2022-05-24 19:16
Modified
2022-09-30 00:00
Severity ?
Details
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
{ "affected": [], "aliases": [ "CVE-2021-21704" ], "database_specific": { "cwe_ids": [ "CWE-119", "CWE-787" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2021-10-04T04:15:00Z", "severity": "MODERATE" }, "details": "In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.", "id": "GHSA-q773-v75g-5rqg", "modified": "2022-09-30T00:00:31Z", "published": "2022-05-24T19:16:31Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21704" }, { "type": "WEB", "url": "https://bugs.php.net/bug.php?id=76448" }, { "type": "WEB", "url": "https://bugs.php.net/bug.php?id=76449" }, { "type": "WEB", "url": "https://bugs.php.net/bug.php?id=76450" }, { "type": "WEB", "url": "https://bugs.php.net/bug.php?id=76452" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202209-20" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20211029-0006" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.