CVE-2021-21708

EUVD-2021-8880
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
phpCNA
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
phpphp
7.4.0 ≤
𝑥
< 7.4.28
phpphp
8.0.0 ≤
𝑥
< 8.0.16
phpphp
8.1.0 ≤
𝑥
< 8.1.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
php7.4
bullseye
7.4.33-1+deb11u5
fixed
bullseye (security)
7.4.33-1+deb11u6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
bionic
dne
focal
dne
impish
dne
jammy
dne
trusty
not-affected
xenial
dne
php7.0
bionic
dne
focal
dne
impish
dne
jammy
dne
trusty
dne
xenial
not-affected
php7.2
bionic
not-affected
focal
dne
impish
dne
jammy
dne
trusty
dne
xenial
dne
php7.4
bionic
dne
focal
Fixed 7.4.3-4ubuntu2.9
released
impish
dne
jammy
dne
trusty
dne
xenial
dne
php8.0
bionic
dne
focal
dne
impish
Fixed 8.0.8-1ubuntu0.2
released
jammy
dne
trusty
dne
xenial
dne
php8.1
bionic
dne
focal
dne
impish
dne
jammy
Fixed 8.1.2-1ubuntu1
released
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://bugs.php.net/bug.php?id=81708
https://security.gentoo.org/glsa/202209-20
https://security.netapp.com/advisory/ntap-20220325-0004/
https://bugs.php.net/bug.php?id=81708
https://security.gentoo.org/glsa/202209-20
https://security.netapp.com/advisory/ntap-20220325-0004/