Vulnerability-Lookup

alsa-2022:1935

Vulnerability from osv_almalinux

Published

2022-05-10 00:00

Modified

2022-07-01 13:57

Summary

Moderate: php:7.4 security update

Details

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * php: Local privilege escalation via PHP-FPM (CVE-2021-21703) * php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "apcu-panel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.18-1.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.1-1.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.1-1.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libzip-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.1-1.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-bcmath"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-dba"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-dbg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-embedded"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-enchant"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-ffi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-fpm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-gd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-gmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-intl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-json"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-mbstring"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-mysqlnd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-odbc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-opcache"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pdo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pear"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.10.12-1.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-apcu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.18-1.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-apcu-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.18-1.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-rrd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.1-1.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-xdebug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.9.5-1.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pecl-zip"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.2-1.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-pgsql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-process"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-snmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-soap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-xml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "php-xmlrpc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.19-2.module_el8.6.0+2750+78feabcb"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\nSecurity Fix(es):\n* php: Local privilege escalation via PHP-FPM (CVE-2021-21703)\n* php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2022:1935",
  "modified": "2022-07-01T13:57:17Z",
  "published": "2022-05-10T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:1935"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-21703"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-21705"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/1978755"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2016535"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2022-1935.html"
    }
  ],
  "related": [
    "CVE-2021-21703",
    "CVE-2021-21705"
  ],
  "summary": "Moderate: php:7.4 security update"
}

CVE-2021-21703 (GCVE-0-2021-21703)

Vulnerability from cvelistv5 – Published: 2021-10-25 05:40 – Updated: 2024-09-17 03:02

Title

PHP-FPM memory access in root process leading to privilege escalation

Summary

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write
CWE-284 - Improper Access Control

Assigner

php

References

URL

Tags

	https://bugs.php.net/bug.php?id=81026	x_refsource_MISC
	https://www.debian.org/security/2021/dsa-4992	vendor-advisoryx_refsource_DEBIAN
	https://www.debian.org/security/2021/dsa-4993	vendor-advisoryx_refsource_DEBIAN
	http://www.openwall.com/lists/oss-security/2021/10/26/7	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2021111…	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://security.gentoo.org/glsa/202209-20	vendor-advisoryx_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	PHP Group	PHP	Affected: 7.3.x , ≤ 7.3.31 (custom) Affected: 7.4.x , < 7.4.25 (custom) Affected: 8.0.X , < 8.0.12 (custom)

Credits

Reported by Charles Fol

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:23:29.478Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=81026"
          },
          {
            "name": "DSA-4992",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4992"
          },
          {
            "name": "DSA-4993",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4993"
          },
          {
            "name": "[oss-security] 20211026 CVE-2021-21703: PHP-FPM 5.3.7 \u003c= 8.0.12 Local Root",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/10/26/7"
          },
          {
            "name": "[debian-lts-announce] 20211027 [SECURITY] [DLA 2794-1] php7.0 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"
          },
          {
            "name": "FEDORA-2021-9f68f5f752",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/"
          },
          {
            "name": "FEDORA-2021-4140b54de2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/"
          },
          {
            "name": "FEDORA-2021-02d218c3be",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211118-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "GLSA-202209-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThanOrEqual": "7.3.31",
              "status": "affected",
              "version": "7.3.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.25",
              "status": "affected",
              "version": "7.4.x",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.12",
              "status": "affected",
              "version": "8.0.X",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "PHP FPM is being used with the main process having higher privileges than the worker processes."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by Charles Fol"
        }
      ],
      "datePublic": "2021-10-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-29T16:06:50.000Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=81026"
        },
        {
          "name": "DSA-4992",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4992"
        },
        {
          "name": "DSA-4993",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4993"
        },
        {
          "name": "[oss-security] 20211026 CVE-2021-21703: PHP-FPM 5.3.7 \u003c= 8.0.12 Local Root",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/10/26/7"
        },
        {
          "name": "[debian-lts-announce] 20211027 [SECURITY] [DLA 2794-1] php7.0 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"
        },
        {
          "name": "FEDORA-2021-9f68f5f752",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/"
        },
        {
          "name": "FEDORA-2021-4140b54de2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/"
        },
        {
          "name": "FEDORA-2021-02d218c3be",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211118-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "name": "GLSA-202209-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-20"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=81026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "PHP-FPM memory access in root process leading to privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@php.net",
          "DATE_PUBLIC": "2021-10-18T22:40:00.000Z",
          "ID": "CVE-2021-21703",
          "STATE": "PUBLIC",
          "TITLE": "PHP-FPM memory access in root process leading to privilege escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "7.3.x",
                            "version_value": "7.3.31"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.4.x",
                            "version_value": "7.4.25"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "8.0.X",
                            "version_value": "8.0.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Group"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "PHP FPM is being used with the main process having higher privileges than the worker processes."
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by Charles Fol"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787 Out-of-bounds Write"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284 Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.php.net/bug.php?id=81026",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=81026"
            },
            {
              "name": "DSA-4992",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4992"
            },
            {
              "name": "DSA-4993",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4993"
            },
            {
              "name": "[oss-security] 20211026 CVE-2021-21703: PHP-FPM 5.3.7 \u003c= 8.0.12 Local Root",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/10/26/7"
            },
            {
              "name": "[debian-lts-announce] 20211027 [SECURITY] [DLA 2794-1] php7.0 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"
            },
            {
              "name": "FEDORA-2021-9f68f5f752",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/"
            },
            {
              "name": "FEDORA-2021-4140b54de2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/"
            },
            {
              "name": "FEDORA-2021-02d218c3be",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211118-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211118-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "GLSA-202209-20",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-20"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugs.php.net/bug.php?id=81026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2021-21703",
    "datePublished": "2021-10-25T05:40:08.576Z",
    "dateReserved": "2021-01-04T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:02:55.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-21705 (GCVE-0-2021-21705)

Vulnerability from cvelistv5 – Published: 2021-10-04 04:00 – Updated: 2024-09-17 04:09

Title

Incorrect URL validation in FILTER_VALIDATE_URL

Summary

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE

CWE-20 - Improper Input Validation

Assigner

php

References

URL

Tags

	https://bugs.php.net/bug.php?id=81122	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2021102…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202209-20	vendor-advisoryx_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	PHP Group	PHP	Affected: 7.3.x , < 7.3.29 (custom) Affected: 7.4.x , < 7.4.21 (custom) Affected: 8.0.X , < 8.0.8 (custom)

Credits

reported by vi at hackberry dot xyz

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:23:29.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=81122"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211029-0006/"
          },
          {
            "name": "GLSA-202209-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "7.3.29",
              "status": "affected",
              "version": "7.3.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.21",
              "status": "affected",
              "version": "7.4.x",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.8",
              "status": "affected",
              "version": "8.0.X",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "reported by vi at hackberry dot xyz"
        }
      ],
      "datePublic": "2021-06-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-29T16:06:48.000Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=81122"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211029-0006/"
        },
        {
          "name": "GLSA-202209-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-20"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=81122"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Incorrect URL validation in FILTER_VALIDATE_URL",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@php.net",
          "DATE_PUBLIC": "2021-06-28T11:41:00.000Z",
          "ID": "CVE-2021-21705",
          "STATE": "PUBLIC",
          "TITLE": "Incorrect URL validation in FILTER_VALIDATE_URL"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.3.x",
                            "version_value": "7.3.29"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.4.x",
                            "version_value": "7.4.21"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "8.0.X",
                            "version_value": "8.0.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Group"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "reported by vi at hackberry dot xyz"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.php.net/bug.php?id=81122",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=81122"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211029-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211029-0006/"
            },
            {
              "name": "GLSA-202209-20",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-20"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugs.php.net/bug.php?id=81122"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2021-21705",
    "datePublished": "2021-10-04T04:00:15.654Z",
    "dateReserved": "2021-01-04T00:00:00.000Z",
    "dateUpdated": "2024-09-17T04:09:29.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2022:1935

Vulnerability from osv_almalinux

CVE-2021-21703 (GCVE-0-2021-21703)

CVE-2021-21705 (GCVE-0-2021-21705)

Tags

Sightings

Nomenclature