CVE-2021-21704
Multiple vulnerabilities in Firebird client extension
Public Exploits: 4
Exploited in Wild: -
Descriptions
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-07-07 CVE Published
- 2024-03-06 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
- CWE-190: Integer Overflow or Wraparound
- CWE-787: Out-of-bounds Write
References (6)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20211029-0006 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://bugs.php.net/bug.php?id=76448 | 2024-09-17 | |
https://bugs.php.net/bug.php?id=76449 | 2024-09-17 | |
https://bugs.php.net/bug.php?id=76450 | 2024-09-17 | |
https://bugs.php.net/bug.php?id=76452 | 2024-09-17 | |

URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202209-20 | 2022-10-25 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Php | Php | >= 7.3.0 < 7.3.29 | - | Affected |
Php | Php | >= 7.4.0 < 7.4.21 | - | Affected |
Php | Php | >= 8.0.0 < 8.0.8 | - | Affected |
Netapp | Clustered Data Ontap | - | - | Affected |