CVE-2021-21704

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
References
Link Resource
https://bugs.php.net/bug.php?id=76448 Exploit Issue Tracking Patch Vendor Advisory
https://bugs.php.net/bug.php?id=76449 Exploit Issue Tracking Patch Vendor Advisory
https://bugs.php.net/bug.php?id=76450 Exploit Issue Tracking Patch Vendor Advisory
https://bugs.php.net/bug.php?id=76452 Exploit Issue Tracking Patch Vendor Advisory
https://security.gentoo.org/glsa/202209-20 Third Party Advisory
https://security.netapp.com/advisory/ntap-20211029-0006/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

History

25 Oct 2022, 14:58

Type Values Removed Values Added
CWE CWE-119 CWE-787
References
  • (GENTOO) https://security.gentoo.org/glsa/202209-20 - Third Party Advisory

03 Nov 2021, 20:24

Type Values Removed Values Added
CPE cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211029-0006/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211029-0006/ - Third Party Advisory

29 Oct 2021, 13:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211029-0006/ -

08 Oct 2021, 03:37

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 5.9
CPE cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
CWE CWE-119
References (CONFIRM) https://bugs.php.net/bug.php?id=76450 - (CONFIRM) https://bugs.php.net/bug.php?id=76450 - Exploit, Issue Tracking, Patch, Vendor Advisory
References (CONFIRM) https://bugs.php.net/bug.php?id=76452 - (CONFIRM) https://bugs.php.net/bug.php?id=76452 - Exploit, Issue Tracking, Patch, Vendor Advisory
References (CONFIRM) https://bugs.php.net/bug.php?id=76449 - (CONFIRM) https://bugs.php.net/bug.php?id=76449 - Exploit, Issue Tracking, Patch, Vendor Advisory
References (CONFIRM) https://bugs.php.net/bug.php?id=76448 - (CONFIRM) https://bugs.php.net/bug.php?id=76448 - Exploit, Issue Tracking, Patch, Vendor Advisory

04 Oct 2021, 05:15

Type Values Removed Values Added
Summary In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption. In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.

04 Oct 2021, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-04 04:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-21704

Mitre link : CVE-2021-21704

CVE.ORG link : CVE-2021-21704


JSON object : View

Products Affected

netapp

  • clustered_data_ontap

php

  • php
CWE
CWE-787

Out-of-bounds Write

CWE-125

Out-of-bounds Read

CWE-190

Integer Overflow or Wraparound