Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2021-21708

Published: 27/02/2022 Updated: 07/10/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Php

Vulnerability Summary

A flaw was found in PHP. The vulnerability occurs due to the malformed php_filter_float() function and leads to a use-after-free vulnerability. This flaw allows an malicious user to inject a malicious file, leading to a crash or a Segmentation fault. (CVE-2021-21708)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

php php

Vendor Advisories

Red Hat: Moderate: php security, bug fix, and enhancement update
Synopsis Moderate: php security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for php is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this upd ...
Red Hat: Moderate: php:7.4 security, bug fix, and enhancement update
Synopsis Moderate: php:74 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the php:74 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security ...
Debian Security Advisories: DSA-5082-1 php7.4 -- security update
Two security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure or denial of service For the stable distribution (bullseye), these problems have been fixed in version 7428-1+deb11u1 We recommend that you upgrade your php74 packages For the detailed security statu ...
Amazon Linux 2: ALASPHP8.0-2023-007
A flaw was found in PHP The vulnerability occurs due to the malformed php_filter_float() function and leads to a use-after-free vulnerability This flaw allows an attacker to inject a malicious file, leading to a crash or a Segmentation fault (CVE-2021-21708) ...
Arch Linux Issues:
A flaw was found in PHP The vulnerability occurs due to the malformed php_filter_float() function and leads to a use-after-free vulnerability This flaw allows an attacker to inject a malicious file, leading to a crash or a Segmentation fault ...
Amazon Linux 2022: ALAS2022-2022-073
A flaw was found in php The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language(XML) entity A special character could allow an attacker to traverse directories The highest threat from this vulnerability is confidentiality (CVE-2021-21707) A flaw was found in PHP The vulnerability occurs d ...
Amazon Linux 2022: ALAS2022-2022-085
A flaw was found in PHP The vulnerability occurs due to the malformed php_filter_float() function and leads to a use-after-free vulnerability This flaw allows an attacker to inject a malicious file, leading to a crash or a Segmentation fault (CVE-2021-21708) ...
Palo Alto Networks Security Advisory: PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS ...
Palo Alto Networks Security Advisory: PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS
PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS ...

Github Repositories

https://github.com/Sergio-F20/GPT-Fast-Pentest

Perform fast pentesting searches using ChatGPT

GPT-FastPentest GPT-FastPentest is a little Python-based tool that allows pentesters to quickly and easily search for information related to CVEs, links for working exploits, and remediation for vulnerabilities This tool is designed to be simple and straightforward, providing fast results from ChatGPT Disclaimer This tool is intended for educational and informational purposes

https://github.com/Sergio-F20/GPT-FastPentest

Perform fast pentesting searches using ChatGPT

GPT-FastPentest GPT-FastPentest is a little Python-based tool that allows pentesters to quickly and easily search for information related to CVEs, links for working exploits, and remediation for vulnerabilities This tool is designed to be simple and straightforward, providing fast results from ChatGPT Disclaimer This tool is intended for educational and informational purposes

References

CWE-416https://bugs.php.net/bug.php?id=81708https://security.netapp.com/advisory/ntap-20220325-0004/https://security.gentoo.org/glsa/202209-20https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2022:8197https://github.com/Sergio-F20/GPT-Fast-Pentesthttps://www.debian.org/security/2022/dsa-5082https://alas.aws.amazon.com/AL2/ALASPHP8.0-2023-007.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook