CVE-2021-21703

Published: 25/10/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A security issue was found in PHP prior to 8.0.12 and 7.4.25 in the PHP-FPM component. An out-of-bounds read/write in the root FPM at arbitrary locations using pointers located in the SHM can lead to a privilege escalation from www-data to root.

Vulnerable Product

php php

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

netapp clustered data ontap -

oracle communications diameter signaling router

Vendor Advisories

Synopsis: Important: rh-php73-php security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated ...
Debian Bug report logs - #997003: php: CVE-2021-21703. Package: src:php7.4; Maintainer for src:php7.4 is Debian PHP Maintainers <team+pkg-php@tracker.debian.org>; Reported by: Christian Göttsche <cgzones@googlemail.com>; Date: Fri, 22 Oct 2021 09:24:02 UTC; Severity: serious; Tags: fixed-upstream, security, upstream; Fou ...
An out-of-bounds read and write flaw was discovered in the PHP-FPM code, which could result in escalation of privileges from local unprivileged user to the root user. For the stable distribution (bullseye), this problem has been fixed in version 7.4.25-1+deb11u1. We recommend that you upgrade your php7.4 packages. For the detailed security status o ...
An out-of-bounds read and write flaw was discovered in the PHP-FPM code, which could result in escalation of privileges from local unprivileged user to the root user. For the oldstable distribution (buster), this problem has been fixed in version 7.3.31-1~deb10u1. We recommend that you upgrade your php7.3 packages. For the detailed security status ...
A security issue was found in PHP before versions 8.0.12 and 7.4.25 in the PHP-FPM component. An out-of-bounds read/write in the root FPM at arbitrary locations using pointers located in the SHM can lead to a privilege escalation from www-data to root ...

Github Repositories

WEB-NMAP: Internship research project about website API and packages weakness. Project idea: In today's society many websites and applications are created using external API, libraries and external code without being looked up or even without seeing the code. This problem led to a great deal of website shutdown due to an API being revealed having a critical vulnerability also