Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-21702 (GCVE-0-2021-21702)
Vulnerability from cvelistv5 – Published: 2021-02-15 04:10 – Updated: 2024-09-16 17:34
VLAI?
EPSS
Title
Null Dereference in SoapClient
Summary
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
Severity ?
5.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
Credits
Reported by jgalindo at datto dot com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.php.net/bug.php?id=80672"
},
{
"name": "DSA-4856",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4856"
},
{
"name": "GLSA-202105-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-23"
},
{
"name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2708-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "7.3.27",
"status": "affected",
"version": "7.3.x",
"versionType": "custom"
},
{
"lessThan": "7.4.15",
"status": "affected",
"version": "7.4.x",
"versionType": "custom"
},
{
"lessThan": "8.0.2",
"status": "affected",
"version": "8.0.X",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by jgalindo at datto dot com"
}
],
"datePublic": "2021-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:40:53.000Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.php.net/bug.php?id=80672"
},
{
"name": "DSA-4856",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4856"
},
{
"name": "GLSA-202105-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-23"
},
{
"name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2708-1] php7.0 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
}
],
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=77423"
],
"discovery": "EXTERNAL"
},
"title": "Null Dereference in SoapClient",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2021-02-01T14:00:00.000Z",
"ID": "CVE-2021-21702",
"STATE": "PUBLIC",
"TITLE": "Null Dereference in SoapClient"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.3.x",
"version_value": "7.3.27"
},
{
"version_affected": "\u003c",
"version_name": "7.4.x",
"version_value": "7.4.15"
},
{
"version_affected": "\u003c",
"version_name": "8.0.X",
"version_value": "8.0.2"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by jgalindo at datto dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=80672",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=80672"
},
{
"name": "DSA-4856",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4856"
},
{
"name": "GLSA-202105-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-23"
},
{
"name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2708-1] php7.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210312-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=77423"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2021-21702",
"datePublished": "2021-02-15T04:10:16.837Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:34:26.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
bit-php-2021-21702
Vulnerability from bitnami_vulndb
Published
2024-03-06 11:05
Modified
2025-05-20 10:02
Summary
Null Dereference in SoapClient
Details
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "php",
"purl": "pkg:bitnami/php"
},
"ranges": [
{
"events": [
{
"introduced": "7.3.0"
},
{
"fixed": "7.3.27"
},
{
"introduced": "7.4.0"
},
{
"fixed": "7.4.15"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.2"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2021-21702"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.",
"id": "BIT-php-2021-21702",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-03-06T11:05:31.470Z",
"references": [
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=80672"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202105-23"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4856"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21702"
}
],
"schema_version": "1.5.0",
"summary": "Null Dereference in SoapClient"
}
bit-libphp-2021-21702
Vulnerability from bitnami_vulndb
Published
2025-08-11 13:53
Modified
2025-08-11 14:19
Summary
Null Dereference in SoapClient
Details
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "libphp",
"purl": "pkg:bitnami/libphp"
},
"ranges": [
{
"events": [
{
"introduced": "7.3.0"
},
{
"fixed": "7.3.27"
},
{
"introduced": "7.4.0"
},
{
"fixed": "7.4.15"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.2"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2021-21702"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.",
"id": "BIT-libphp-2021-21702",
"modified": "2025-08-11T14:19:40.295Z",
"published": "2025-08-11T13:53:21.478Z",
"references": [
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=80672"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21702"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202105-23"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4856"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"schema_version": "1.6.2",
"summary": "Null Dereference in SoapClient"
}
GSD-2021-21702
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-21702",
"description": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.",
"id": "GSD-2021-21702",
"references": [
"https://www.suse.com/security/cve/CVE-2021-21702.html",
"https://www.debian.org/security/2021/dsa-4856",
"https://access.redhat.com/errata/RHSA-2021:4213",
"https://access.redhat.com/errata/RHSA-2021:2992",
"https://ubuntu.com/security/CVE-2021-21702",
"https://advisories.mageia.org/CVE-2021-21702.html",
"https://security.archlinux.org/CVE-2021-21702",
"https://linux.oracle.com/cve/CVE-2021-21702.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-21702"
],
"details": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.",
"id": "GSD-2021-21702",
"modified": "2023-12-13T01:23:10.864211Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2021-02-01T14:00:00.000Z",
"ID": "CVE-2021-21702",
"STATE": "PUBLIC",
"TITLE": "Null Dereference in SoapClient"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.3.x",
"version_value": "7.3.27"
},
{
"version_affected": "\u003c",
"version_name": "7.4.x",
"version_value": "7.4.15"
},
{
"version_affected": "\u003c",
"version_name": "8.0.X",
"version_value": "8.0.2"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by jgalindo at datto dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=80672",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=80672"
},
{
"name": "DSA-4856",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4856"
},
{
"name": "GLSA-202105-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-23"
},
{
"name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2708-1] php7.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210312-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
}
]
},
"source": {
"defect": [
"https://bugs.php.net/bug.php?id=77423"
],
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.3.27",
"versionStartIncluding": "7.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.4.15",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"ID": "CVE-2021-21702"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.php.net/bug.php?id=80672"
},
{
"name": "DSA-4856",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4856"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210312-0005/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
},
{
"name": "GLSA-202105-23",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-23"
},
{
"name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2708-1] php7.0 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-12-10T17:58Z",
"publishedDate": "2021-02-15T04:15Z"
}
}
}
CERTFR-2021-AVI-571
Vulnerability from certfr_avis - Published: 2021-07-23 - Updated: 2021-07-23
De multiples vulnérabilités ont été découvertes dans Tenable. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.19.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2020-7060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7060"
},
{
"name": "CVE-2019-11048",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11048"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2019-11041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11041"
},
{
"name": "CVE-2020-7071",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7071"
},
{
"name": "CVE-2019-11045",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11045"
},
{
"name": "CVE-2021-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21704"
},
{
"name": "CVE-2020-7070",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7070"
},
{
"name": "CVE-2020-7069",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7069"
},
{
"name": "CVE-2019-11046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11046"
},
{
"name": "CVE-2020-7063",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7063"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2019-19646",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2021-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21705"
},
{
"name": "CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2020-7068",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7068"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2019-11044",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11044"
},
{
"name": "CVE-2020-7064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7064"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2017-5661",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5661"
},
{
"name": "CVE-2019-11047",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11047"
},
{
"name": "CVE-2020-7067",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7067"
},
{
"name": "CVE-2020-7062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7062"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2019-11043",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11043"
},
{
"name": "CVE-2020-7065",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7065"
},
{
"name": "CVE-2019-11050",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11050"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2020-7066",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7066"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2019-19645",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2019-16168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
},
{
"name": "CVE-2020-7061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7061"
},
{
"name": "CVE-2020-7059",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7059"
},
{
"name": "CVE-2019-11042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11042"
},
{
"name": "CVE-2019-11049",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11049"
},
{
"name": "CVE-2021-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21702"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
}
],
"initial_release_date": "2021-07-23T00:00:00",
"last_revision_date": "2021-07-23T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-571",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2021-14 du 22 juillet 2021",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
}
CERTFR-2023-AVI-0537
Vulnerability from certfr_avis - Published: 2023-07-13 - Updated: 2023-07-13
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 23.1R1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S6-EVO, 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S1-EVO, 21.3R3-S4-EVO, 21.4R3-EVO, 21.4R3-S2-EVO, 21.4R3-S3-EVO, 21.4R3-S4-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.1R3-S3-EVO, 22.2R2-EVO, 22.2R2-S1-EVO, 22.2R3-S2-EVO*, 22.2R3-EVO et 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.4R1-EVO, 22.4R1-S2-EVO, 22.4R2-EVO, 23.1R1-EVO | ||
| Juniper Networks | Junos OS | Junos OS gamme QFX10000 versions antérieures à 20.4R3-S5, 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S1, 22.1R3, 22.2R2, 22.3R1-S2, 22.3R2 et 22.4R1 | ||
| Juniper Networks | Junos OS | Junos OS gamme SRX versions antérieures à 20.2R3-S7, 20.4R3-S6, 21.1R3-S5, 21.2R3-S4, 21.3R3-S4, 21.4R3-S3, 22.1R3-S1, 22.2R3, 22.3R2, 22.3R2-S1, 22.3R3, 22.4R1-S1, 22.4R1-S2, 22.4R2 et 23.1R1 | ||
| Juniper Networks | Junos OS | Junos OS gamme MX versions antérieures à 19.1R3-S10, 19.2R3-S7, 19.3R3-S8, 19.4R3-S12, 20.2R3-S8, 20.4R3-S7, 21.1R3-S5, 21.2R3-S5, 21.2R3-S4, 21.3R3-S4, 21.4R3-S3, 21.4R3-S4, 22.1R3-S2, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R2-S1, 22.4R1-S2, 22.4R2 et 23.1R1 | ||
| Juniper Networks | N/A | Juniper Networks gammes SRX et MX versions antérieures à SigPack 3598 | ||
| Juniper Networks | Junos OS | Junos OS gammes SRX 4600 et SRX 5000 versions antérieures à 20.2R3-S7, 20.4R3-S7, 21.1R3-S5, 21.2R3-S3, 21.3R3-S3, 21.4R3-S1, 22.1R3, 22.2R2, 22.3R1-S1, 22.3R2 et 22.4R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 19.1R3-S10, 19.2R3-S7, 19.3R3-S7, 19.3R3-S8, 19.4R3-S9, 19.4R3-S10, 19.4R3-S11, 20.2R3-S7, 20.3R3-S5, 20.3R3-S6, 20.4R3-S6, 20.4R3-S7, 21.1R3-S4, 21.2R3-S2, 21.3R3-S1, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R2, 20.2R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.2R3-S5, 21.3R3-S2, 21.3R3-S4, 21.4R3, 21.4R3-S4, 22.1R3, 22.2R2, 22.2R3, 22.3R1, 22.3R2, 22.4R1 et 23.2R1 | ||
| Juniper Networks | N/A | Juniper Networks Contrail Cloud versions antérieures à 16.3.0 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 23.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S6-EVO, 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S1-EVO, 21.3R3-S4-EVO, 21.4R3-EVO, 21.4R3-S2-EVO, 21.4R3-S3-EVO, 21.4R3-S4-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.1R3-S3-EVO, 22.2R2-EVO, 22.2R2-S1-EVO, 22.2R3-S2-EVO*, 22.2R3-EVO et 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.4R1-EVO, 22.4R1-S2-EVO, 22.4R2-EVO, 23.1R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS gamme QFX10000 versions ant\u00e9rieures \u00e0 20.4R3-S5, 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S1, 22.1R3, 22.2R2, 22.3R1-S2, 22.3R2 et 22.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS gamme SRX versions ant\u00e9rieures \u00e0 20.2R3-S7, 20.4R3-S6, 21.1R3-S5, 21.2R3-S4, 21.3R3-S4, 21.4R3-S3, 22.1R3-S1, 22.2R3, 22.3R2, 22.3R2-S1, 22.3R3, 22.4R1-S1, 22.4R1-S2, 22.4R2 et 23.1R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS gamme MX versions ant\u00e9rieures \u00e0 19.1R3-S10, 19.2R3-S7, 19.3R3-S8, 19.4R3-S12, 20.2R3-S8, 20.4R3-S7, 21.1R3-S5, 21.2R3-S5, 21.2R3-S4, 21.3R3-S4, 21.4R3-S3, 21.4R3-S4, 22.1R3-S2, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R2-S1, 22.4R1-S2, 22.4R2 et 23.1R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks gammes SRX et MX versions ant\u00e9rieures \u00e0 SigPack 3598",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS gammes SRX 4600 et SRX 5000 versions ant\u00e9rieures \u00e0 20.2R3-S7, 20.4R3-S7, 21.1R3-S5, 21.2R3-S3, 21.3R3-S3, 21.4R3-S1, 22.1R3, 22.2R2, 22.3R1-S1, 22.3R2 et 22.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 19.1R3-S10, 19.2R3-S7, 19.3R3-S7, 19.3R3-S8, 19.4R3-S9, 19.4R3-S10, 19.4R3-S11, 20.2R3-S7, 20.3R3-S5, 20.3R3-S6, 20.4R3-S6, 20.4R3-S7, 21.1R3-S4, 21.2R3-S2, 21.3R3-S1, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R2, 20.2R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.2R3-S5, 21.3R3-S2, 21.3R3-S4, 21.4R3, 21.4R3-S4, 22.1R3, 22.2R2, 22.2R3, 22.3R1, 22.3R2, 22.4R1 et 23.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Cloud versions ant\u00e9rieures \u00e0 16.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40085"
},
{
"name": "CVE-2022-41974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41974"
},
{
"name": "CVE-2023-36831",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36831"
},
{
"name": "CVE-2023-36848",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36848"
},
{
"name": "CVE-2022-23825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23825"
},
{
"name": "CVE-2023-36850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36850"
},
{
"name": "CVE-2023-36833",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36833"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2022-30123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30123"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2022-31626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31626"
},
{
"name": "CVE-2020-7071",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7071"
},
{
"name": "CVE-2021-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21704"
},
{
"name": "CVE-2023-36849",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36849"
},
{
"name": "CVE-2021-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21705"
},
{
"name": "CVE-2022-31625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31625"
},
{
"name": "CVE-2020-13946",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13946"
},
{
"name": "CVE-2021-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21707"
},
{
"name": "CVE-2023-36832",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36832"
},
{
"name": "CVE-2022-31629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31629"
},
{
"name": "CVE-2023-36836",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36836"
},
{
"name": "CVE-2017-7653",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7653"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2021-26401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26401"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-31627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31627"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2022-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
},
{
"name": "CVE-2022-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
},
{
"name": "CVE-2022-31628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31628"
},
{
"name": "CVE-2023-36834",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36834"
},
{
"name": "CVE-2017-7654",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7654"
},
{
"name": "CVE-2022-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
},
{
"name": "CVE-2023-36840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36840"
},
{
"name": "CVE-2021-21708",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21708"
},
{
"name": "CVE-2021-21703",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21703"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"name": "CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"name": "CVE-2022-3276",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3276"
},
{
"name": "CVE-2017-7655",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7655"
},
{
"name": "CVE-2021-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21702"
},
{
"name": "CVE-2023-28985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28985"
},
{
"name": "CVE-2023-36838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36838"
},
{
"name": "CVE-2023-36835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36835"
}
],
"initial_release_date": "2023-07-13T00:00:00",
"last_revision_date": "2023-07-13T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0537",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71636 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-SRX-Series-jbuf-memory-leak-when-SSL-Proxy-and-UTM-Web-Filtering-is-applied-CVE-2023-36831?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71639 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-MX-Series-PFE-crash-upon-receipt-of-specific-packet-destined-to-an-AMS-interface-CVE-2023-36832?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71661 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-MX-Series-An-MPC-will-crash-upon-receipt-of-a-malformed-CFM-packet-CVE-2023-36850?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71659 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-The-FPC-will-crash-on-receiving-a-malformed-CFM-packet-CVE-2023-36848?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71647 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-crash-occurs-when-a-specific-L2VPN-command-is-run-CVE-2023-36840?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71642 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-QFX10000-Series-All-traffic-will-be-dropped-after-a-specific-valid-IP-packet-has-been-received-which-needs-to-be-routed-over-a-VXLAN-tunnel-CVE-2023-36835?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71660 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-l2cpd-will-crash-when-a-malformed-LLDP-packet-is-received-CVE-2023-36849?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71662 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-SRX-Series-and-MX-Series-An-FPC-core-is-observed-when-IDP-is-enabled-on-the-device-and-a-specific-malformed-SSL-packet-is-received-CVE-2023-28985?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71651 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-Evolved-Multiple-NTP-vulnerabilities-resolved?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71643 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-MoFRR-scenario-an-rpd-core-may-be-observed-when-a-low-privileged-CLI-command-is-executed-CVE-2023-36836?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71641 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-SRX-4600-and-SRX-5000-Series-The-receipt-of-specific-genuine-packets-by-SRXes-configured-for-L2-transparency-will-cause-a-DoS-CVE-2023-36834?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71645 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-SRX-Series-A-flowd-core-occurs-when-running-a-low-privileged-CLI-command-CVE-2023-36838?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71653 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-J-Web-Multiple-Vulnerabilities-in-PHP-software?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71650 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Contrail-Cloud-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Cloud-release-16-3-0?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71655 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-have-been-resolved-in-MQTT?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71640 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-Evolved-PTX10001-36MR-and-PTX10004-PTX10008-PTX10016-with-LC1201-1202-The-aftman-bt-process-will-crash-in-a-MoFRR-scenario-CVE-2023-36833?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA71656 du 12 juillet 2023",
"url": "https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-23-1R1-release?language=en_US"
}
]
}
CERTFR-2021-AVI-084
Vulnerability from certfr_avis - Published: 2021-02-05 - Updated: 2021-02-05
De multiples vulnérabilités ont été découvertes dans PHP. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PHP versions 7.3.x ant\u00e9rieures \u00e0 7.3.27",
"product": {
"name": "PHP",
"vendor": {
"name": "PHP",
"scada": false
}
}
},
{
"description": "PHP versions 7.4.x ant\u00e9rieures \u00e0 7.4.15",
"product": {
"name": "PHP",
"vendor": {
"name": "PHP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21702"
}
],
"initial_release_date": "2021-02-05T00:00:00",
"last_revision_date": "2021-02-05T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-084",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHP. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PHP 7.4.15 du 04 f\u00e9vrier 2021",
"url": "https://www.php.net/ChangeLog-7.php#7.4.15"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 PHP 7.3.27 du 04 f\u00e9vrier 2021",
"url": "https://www.php.net/ChangeLog-7.php#7.3.27"
}
]
}
CERTFR-2022-AVI-291
Vulnerability from certfr_avis - Published: 2022-03-31 - Updated: 2022-03-31
De multiples vulnérabilités ont été découvertes dans Zimbra. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Synacor | Zimbra Collaboration | Zimbra Collaboration Joule versions antérieures à 8.8.15 Patch 31 | ||
| Synacor | Zimbra Collaboration | Zimbra Collaboration Kepler versions antérieures à 9.0.0 Patch 24 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Zimbra Collaboration Joule versions ant\u00e9rieures \u00e0 8.8.15 Patch 31",
"product": {
"name": "Zimbra Collaboration",
"vendor": {
"name": "Synacor",
"scada": false
}
}
},
{
"description": "Zimbra Collaboration Kepler versions ant\u00e9rieures \u00e0 9.0.0 Patch 24",
"product": {
"name": "Zimbra Collaboration",
"vendor": {
"name": "Synacor",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-27925",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27925"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2022-27924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27924"
},
{
"name": "CVE-2022-27926",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27926"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2021-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21702"
}
],
"initial_release_date": "2022-03-31T00:00:00",
"last_revision_date": "2022-03-31T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-291",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zimbra. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Zimbra",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Zimbra 8.8.15/P31 du 30 mars 2022",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P31"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Zimbra 9.0.0/P24 du 30 mars 2022",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24"
}
]
}
cve-2021-21702
Vulnerability from osv_almalinux
Published
2021-11-09 08:42
Modified
2021-11-09 12:52
Summary
Moderate: php:7.4 security, bug fix, and enhancement update
Details
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: php (7.4.19). (BZ#1944110)
Security Fix(es):
-
php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069)
-
php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071)
-
php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068)
-
php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server (CVE-2020-7070)
-
php: NULL pointer dereference in SoapClient (CVE-2021-21702)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "apcu-panel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libzip-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-bcmath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dba"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-dbg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-embedded"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-enchant"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ffi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-fpm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-gmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-intl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mbstring"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-mysqlnd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-odbc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-opcache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pdo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pear"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.10.12-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-apcu-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.18-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1-1.module_el8.4.0+2229+b272fdef"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-rrd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1-1.module_el8.3.0+2009+b272fdef"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-xdebug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.5-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pecl-zip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.2-1.module_el8.6.0+2750+78feabcb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-pgsql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-process"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-soap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "php-xmlrpc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.19-3.module_el8.6.0+2976+8b9a0d08"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nThe following packages have been upgraded to a later upstream version: php (7.4.19). (BZ#1944110)\n\nSecurity Fix(es):\n\n* php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069)\n\n* php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071)\n\n* php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068)\n\n* php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server (CVE-2020-7070)\n\n* php: NULL pointer dereference in SoapClient (CVE-2021-21702)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2021:4213",
"modified": "2021-11-09T12:52:36Z",
"published": "2021-11-09T08:42:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2021-4213.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-7068"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-7069"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-7070"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-7071"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-21702"
}
],
"related": [
"CVE-2020-7069",
"CVE-2020-7071",
"CVE-2020-7068",
"CVE-2020-7070",
"CVE-2021-21702"
],
"summary": "Moderate: php:7.4 security, bug fix, and enhancement update"
}
CVE-2021-21702
Vulnerability from fstec - Published: 14.02.2021
VLAI Severity ?
Title
Уязвимость расширения SOAP интерпретатора PHP, позволяющая нарушителю вызвать аварийное завершение работы приложения
Description
Уязвимость расширения SOAP интерпретатора PHP связана с ошибками разыменования указателей. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать аварийное завершение работы приложения
Severity ?
Vendor
ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, NetApp Inc., PHP Group, ООО «Ред Софт», АО «ИВК», АО "НППКТ"
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, Clustered Data ONTAP, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), PHP, РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), - (Clustered Data ONTAP), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), от 7.3.0 до 7.3.27 (PHP), от 7.4.0 до 7.4.15 (PHP), от 8.0.0 до 8.0.2 (PHP), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (Альт 8 СП), до 2.6 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для PHP:
https://bugs.php.net/bug.php?id=80672
Для Debian GNU/Linux:
https://www.debian.org/security/2021/dsa-4856
Для NetApp:
https://security.netapp.com/advisory/ntap-20210312-0005/
Для РЕДС ОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-php-cve-2021-21708-cve-2022-31625-cve-2021-21702-cve-2021-21705-cve-2021-/
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211126SE16
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения php7.3 до версии 7.3.31-1~deb10u1osnovau3
Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»:
обновить пакет php7.0 до 7.0.33-0+deb9u12+ci202111191628+astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
Для ОС Astra Linux:
обновить пакет php7.3 до 7.3.29-1~deb10u1+ci202109271134+astra3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Reference
https://www.debian.org/security/2021/dsa-4856
https://nvd.nist.gov/vuln/detail/CVE-2021-21702
https://bugs.php.net/bug.php?id=80672
https://security.netapp.com/advisory/ntap-20210312-0005/
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211126SE16
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-php-cve-2021-21708-cve-2022-31625-cve-2021-21702-cve-2021-21705-cve-2021-/
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.6/
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-476
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, NetApp Inc., PHP Group, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), - (Clustered Data ONTAP), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u043e\u0442 7.3.0 \u0434\u043e 7.3.27 (PHP), \u043e\u0442 7.4.0 \u0434\u043e 7.4.15 (PHP), \u043e\u0442 8.0.0 \u0434\u043e 8.0.2 (PHP), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.6 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f PHP:\nhttps://bugs.php.net/bug.php?id=80672\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://www.debian.org/security/2021/dsa-4856\n\n\u0414\u043b\u044f NetApp:\nhttps://security.netapp.com/advisory/ntap-20210312-0005/\n\n\u0414\u043b\u044f \u0420\u0415\u0414\u0421 \u041e\u0421:\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-php-cve-2021-21708-cve-2022-31625-cve-2021-21702-cve-2021-21705-cve-2021-/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211126SE16\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f php7.3 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 7.3.31-1~deb10u1osnovau3\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 php7.0 \u0434\u043e 7.0.33-0+deb9u12+ci202111191628+astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 php7.3 \u0434\u043e 7.3.29-1~deb10u1+ci202109271134+astra3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.02.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.06.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03159",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-21702",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, Clustered Data ONTAP, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), PHP, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , NetApp Inc. Clustered Data ONTAP - , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.6 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f SOAP \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 PHP, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u043e\u0435 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u0435 \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f SOAP \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 PHP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u043e\u0435 \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u0435 \u0440\u0430\u0431\u043e\u0442\u044b \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.debian.org/security/2021/dsa-4856\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21702\nhttps://bugs.php.net/bug.php?id=80672\nhttps://security.netapp.com/advisory/ntap-20210312-0005/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211126SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-php-cve-2021-21708-cve-2022-31625-cve-2021-21702-cve-2021-21705-cve-2021-/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.6/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
FKIE_CVE-2021-21702
Vulnerability from fkie_nvd - Published: 2021-02-15 04:15 - Updated: 2024-11-21 05:48
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
References
| URL | Tags | ||
|---|---|---|---|
| security@php.net | https://bugs.php.net/bug.php?id=80672 | Issue Tracking, Vendor Advisory | |
| security@php.net | https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html | Mailing List, Third Party Advisory | |
| security@php.net | https://security.gentoo.org/glsa/202105-23 | Third Party Advisory | |
| security@php.net | https://security.netapp.com/advisory/ntap-20210312-0005/ | Third Party Advisory | |
| security@php.net | https://www.debian.org/security/2021/dsa-4856 | Third Party Advisory | |
| security@php.net | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| security@php.net | https://www.tenable.com/security/tns-2021-14 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.php.net/bug.php?id=80672 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202105-23 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210312-0005/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4856 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2021-14 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| php | php | * | |
| php | php | * | |
| php | php | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| netapp | clustered_data_ontap | - | |
| oracle | communications_diameter_signaling_router | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21A1DC5C-CFAD-4A37-8343-8F18F446ED45",
"versionEndExcluding": "7.3.27",
"versionStartIncluding": "7.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8043349D-1EEB-46ED-9DC4-7D1D7B60BC78",
"versionEndExcluding": "7.4.15",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D70FC63A-BC22-491B-836F-7FDA82D61908",
"versionEndExcluding": "8.0.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
"versionEndIncluding": "8.5.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash."
},
{
"lang": "es",
"value": "En PHP versiones 7.3.x por debajo de 7.3.27, 7.4.x por debajo de 7.4.15 y 8.0.x por debajo de 8.0.2, cuando se usa la extensi\u00f3n SOAP para conectarse a un servidor SOAP, un servidor SOAP malicioso podr\u00eda devolver datos XML malformados como respuesta eso har\u00eda que PHP acceda a un puntero null y, por tanto, causar\u00eda un bloqueo"
}
],
"id": "CVE-2021-21702",
"lastModified": "2024-11-21T05:48:51.847",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@php.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-15T04:15:12.673",
"references": [
{
"source": "security@php.net",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.php.net/bug.php?id=80672"
},
{
"source": "security@php.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
},
{
"source": "security@php.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-23"
},
{
"source": "security@php.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
},
{
"source": "security@php.net",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4856"
},
{
"source": "security@php.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "security@php.net",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.php.net/bug.php?id=80672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"sourceIdentifier": "security@php.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security@php.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-5HG4-WC97-MW4M
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42
VLAI?
Details
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
{
"affected": [],
"aliases": [
"CVE-2021-21702"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-15T04:15:00Z",
"severity": "HIGH"
},
"details": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.",
"id": "GHSA-5hg4-wc97-mw4m",
"modified": "2022-05-24T17:42:15Z",
"published": "2022-05-24T17:42:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21702"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=80672"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202105-23"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210312-0005"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4856"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…