CVE-2021-21704 Information
Share on:
Jun 06, 2022
cve
Description
In PHP versions 7.3.x below 7.3.29 7.4.x below 7.4.21 and 8.0.x below 8.0.8 when using Firebird PDO driver extension a malicious database server could cause crashes in various database functions such as getAttribute() execute() fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes denial of service or potentially memory corruption.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
https://bugs.php.net/bug.php?id=76450 https://bugs.php.net/bug.php?id=76452 https://bugs.php.net/bug.php?id=76449 https://bugs.php.net/bug.php?id=76448 https://security.netapp.com/advisory/ntap-20211029-0006/
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
5.9