PT-2021-3347 · Php+10 · Php+10

Published

2021-02-08

·

Updated

2025-08-11

·

CVE-2021-21702

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions PHP versions 7.3.x through 7.3.26 PHP versions 7.4.x through 7.4.14 PHP versions 8.0.x through 8.0.1
Description The issue is related to pointer dereference errors in the PHP SOAP extension. A malicious SOAP server could return malformed XML data, causing PHP to access a null pointer and resulting in a crash. This could allow a remote attacker to cause the application to terminate unexpectedly.
Recommendations For PHP versions 7.3.x through 7.3.26, update to version 7.3.27 or later. For PHP versions 7.4.x through 7.4.14, update to version 7.4.15 or later. For PHP versions 8.0.x through 8.0.1, update to version 8.0.2 or later.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2021:4213
ALT-PU-2021-1297
ALT-PU-2021-1319
ALT-PU-2021-3079
ALT-PU-2021-3645
BDU:2021-03159
BIT-LIBPHP-2021-21702
BIT-PHP-2021-21702
BIT-PHP-MIN-2021-21702
CESA-2021_4213
CVE-2021-21702
DLA-2708-1
DSA-4856-1
MGASA-2021-0076
OPENSUSE-SU-2021:0305-1
OPENSUSE-SU-2021_0305-1
OPENSUSE-SU-2022_4067-1
OPENSUSE-SU-2022_4069-1
OPENSUSE-SU-2024:11569-1
RHSA-2021:2992
RHSA-2021:4213
RHSA-2021_4213
RLSA-2021:4213
SUSE-SU-2021:0494-1
SUSE-SU-2021:0498-1
SUSE-SU-2021:0522-1
SUSE-SU-2021:0584-1
SUSE-SU-2021:14668-1
SUSE-SU-2021_0494-1
SUSE-SU-2021_0498-1
SUSE-SU-2021_0522-1
SUSE-SU-2021_0584-1
SUSE-SU-2021_14668-1
SUSE-SU-2022:4067-1
SUSE-SU-2022:4068-1
SUSE-SU-2022:4069-1
USN-5006-1
USN-5006-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Php
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu