Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALASPHP8.0-2023-008

Related Vulnerabilities: CVE-2021-21704   CVE-2021-21705  

Several flaws has been found in php. The pdo_firebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the response before calculation of the exec procedure leading to a crash. The highest threat from this vulnerability is to system availability. (CVE-2021-21704) PHP: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)

Source

ALASPHP8.0-2023-008

Amazon Linux 2 Security Advisory: ALASPHP8.0-2023-008
Advisory Release Date: 2023-08-21 21:00 Pacific
Advisory Updated Date: 2023-09-13 19:31 Pacific
Severity: Medium
Issue Overview:

Several flaws has been found in php. The pdo_firebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the response before calculation of the exec procedure leading to a crash. The highest threat from this vulnerability is to system availability. (CVE-2021-21704)

PHP: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)


Affected Packages:

php


Issue Correction:
Run yum update php to update your system.

New Packages:
aarch64:
    php-8.0.8-1.amzn2.aarch64
    php-cli-8.0.8-1.amzn2.aarch64
    php-dbg-8.0.8-1.amzn2.aarch64
    php-fpm-8.0.8-1.amzn2.aarch64
    php-common-8.0.8-1.amzn2.aarch64
    php-devel-8.0.8-1.amzn2.aarch64
    php-opcache-8.0.8-1.amzn2.aarch64
    php-ldap-8.0.8-1.amzn2.aarch64
    php-pdo-8.0.8-1.amzn2.aarch64
    php-mysqlnd-8.0.8-1.amzn2.aarch64
    php-pgsql-8.0.8-1.amzn2.aarch64
    php-process-8.0.8-1.amzn2.aarch64
    php-odbc-8.0.8-1.amzn2.aarch64
    php-soap-8.0.8-1.amzn2.aarch64
    php-snmp-8.0.8-1.amzn2.aarch64
    php-xml-8.0.8-1.amzn2.aarch64
    php-mbstring-8.0.8-1.amzn2.aarch64
    php-gd-8.0.8-1.amzn2.aarch64
    php-bcmath-8.0.8-1.amzn2.aarch64
    php-gmp-8.0.8-1.amzn2.aarch64
    php-dba-8.0.8-1.amzn2.aarch64
    php-embedded-8.0.8-1.amzn2.aarch64
    php-pspell-8.0.8-1.amzn2.aarch64
    php-intl-8.0.8-1.amzn2.aarch64
    php-enchant-8.0.8-1.amzn2.aarch64
    php-sodium-8.0.8-1.amzn2.aarch64
    php-debuginfo-8.0.8-1.amzn2.aarch64

src:
    php-8.0.8-1.amzn2.src

x86_64:
    php-8.0.8-1.amzn2.x86_64
    php-cli-8.0.8-1.amzn2.x86_64
    php-dbg-8.0.8-1.amzn2.x86_64
    php-fpm-8.0.8-1.amzn2.x86_64
    php-common-8.0.8-1.amzn2.x86_64
    php-devel-8.0.8-1.amzn2.x86_64
    php-opcache-8.0.8-1.amzn2.x86_64
    php-ldap-8.0.8-1.amzn2.x86_64
    php-pdo-8.0.8-1.amzn2.x86_64
    php-mysqlnd-8.0.8-1.amzn2.x86_64
    php-pgsql-8.0.8-1.amzn2.x86_64
    php-process-8.0.8-1.amzn2.x86_64
    php-odbc-8.0.8-1.amzn2.x86_64
    php-soap-8.0.8-1.amzn2.x86_64
    php-snmp-8.0.8-1.amzn2.x86_64
    php-xml-8.0.8-1.amzn2.x86_64
    php-mbstring-8.0.8-1.amzn2.x86_64
    php-gd-8.0.8-1.amzn2.x86_64
    php-bcmath-8.0.8-1.amzn2.x86_64
    php-gmp-8.0.8-1.amzn2.x86_64
    php-dba-8.0.8-1.amzn2.x86_64
    php-embedded-8.0.8-1.amzn2.x86_64
    php-pspell-8.0.8-1.amzn2.x86_64
    php-intl-8.0.8-1.amzn2.x86_64
    php-enchant-8.0.8-1.amzn2.x86_64
    php-sodium-8.0.8-1.amzn2.x86_64
    php-debuginfo-8.0.8-1.amzn2.x86_64

Additional References

Red Hat: CVE-2021-21704, CVE-2021-21705

Mitre: CVE-2021-21704, CVE-2021-21705

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started