Vulnerability CVE-2021-21704

Vulnerability Name:

CVE-2021-21704 (CCN-210568)

Assigned:

2021-06-28

Published:

2021-06-28

Updated:

2022-10-25

Summary:

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-787

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-21704

Source: CONFIRM
Type: Exploit, Issue Tracking, Patch, Vendor Advisory
N/A

Source: CONFIRM
Type: Exploit, Issue Tracking, Patch, Vendor Advisory
N/A

Source: CONFIRM
Type: Exploit, Issue Tracking, Patch, Vendor Advisory
N/A

Source: CCN
Type: PHP Sec Bug #76452
Crash while parsing blob data in firebird_fetch_blob

Source: CONFIRM
Type: Exploit, Issue Tracking, Patch, Vendor Advisory
N/A

Source: XF
Type: UNKNOWN
php-cve202121704-dos(210568)

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-20

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20211029-0006/

Source: CCN
Type: PHP Web site
PHP

Vulnerable Configuration:

Configuration 1:

cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 8.0.0 and < 8.0.8)

OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.4.0 and < 7.4.21)

OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 7.3.0 and < 7.3.29)

Configuration 2:

cpe:/a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8183	P	Security update for amazon-ssm-agent (Important)	2023-06-16
oval:org.opensuse.security:def:7433	P	apache-commons-io-2.11.0-150200.3.9.4 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7477	P	cyrus-sasl-2.1.28-150500.1.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8075	P	apache2-mod_php7-7.4.33-150400.4.22.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8161	P	Security update for openvswitch (Important)	2023-05-25
oval:org.opensuse.security:def:6141	P	Security update for rsync (Important)	2022-08-19
oval:org.opensuse.security:def:6124	P	Security update for java-11-openjdk (Important)	2022-08-01
oval:org.opensuse.security:def:3434	P	apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95064	P	apache2-mod_php7-7.4.25-150400.2.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95345	P	Security update for php7 (Low)	2022-05-19
oval:org.opensuse.security:def:95359	P	Security update for MozillaThunderbird (Important)	2022-04-13
oval:org.opensuse.security:def:93275	P	(Moderate)	2021-12-06
oval:org.opensuse.security:def:102072	P	Security update for postgresql12 (Important)	2021-11-22
oval:org.opensuse.security:def:102058	P	Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate)	2021-08-23
oval:org.opensuse.security:def:9020	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:91986	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:10138	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:92771	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:69912	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:108738	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:67230	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:99522	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:9384	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:92181	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:10323	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:98936	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:8640	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:92969	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:5811	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:70278	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:76298	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:99721	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:9573	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:92373	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:69524	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:111677	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:66900	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:99131	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:8825	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:93122	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:70463	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:100031	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:9772	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:92572	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:69713	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:75968	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:99323	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:111004	P	Security update for php7 (Important)	2021-08-10
oval:org.opensuse.security:def:20975	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:69250	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:49447	P	Security update for php72 (Important)	2021-08-06
oval:org.opensuse.security:def:96126	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:5797	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:118322	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:102056	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:76281	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:20976	P	Security update for php72 (Important)	2021-08-06
oval:org.opensuse.security:def:69272	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:111656	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:66886	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:118578	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:109237	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:68522	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:102266	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:26101	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:5088	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:102571	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:75954	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:109482	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:68566	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:1476	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:49446	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:95858	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:26102	P	Security update for php72 (Important)	2021-08-06
oval:org.opensuse.security:def:5089	P	Security update for php72 (Important)	2021-08-06
oval:org.opensuse.security:def:108724	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:67213	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:102816	P	Security update for php7 (Important)	2021-08-06

BACK