PT-2021-3510 · Php+6 · Php+6

Trichimtrich

·

Published

2021-06-29

·

Updated

2025-08-11

·

CVE-2021-21704

CVSS v2.0

5.4

Medium

VectorAV:N/AC:H/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions PHP versions 7.3.x through 7.3.28 PHP versions 7.4.x through 7.4.20 PHP versions 8.0.x through 8.0.7
Description The issue is related to insufficient input validation in the Firebird PDO driver extension. A malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch(), and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service, or potentially memory corruption.
Recommendations For PHP versions 7.3.x through 7.3.28, update to version 7.3.29 or later. For PHP versions 7.4.x through 7.4.20, update to version 7.4.21 or later. For PHP versions 8.0.x through 8.0.7, update to version 8.0.8 or later.

Exploit

Fix

DoS

Memory Corruption

RCE

Integer Overflow

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-20CWE-190CWE-125

Related Identifiers

ALT-PU-2021-2180
ALT-PU-2021-2192
ALT-PU-2021-2809
ALT-PU-2021-3079
BDU:2021-03559
BIT-LIBPHP-2021-21704
BIT-PHP-2021-21704
BIT-PHP-MIN-2021-21704
CVE-2021-21704
DLA-2708-1
DSA-4935-1
MGASA-2021-0312
MGASA-2021-0330
OESA-2021-1389
OPENSUSE-SU-2021:1130-1
OPENSUSE-SU-2021:2637-1
OPENSUSE-SU-2021:2795-1
OPENSUSE-SU-2021_1130-1
OPENSUSE-SU-2021_2637-1
OPENSUSE-SU-2021_2795-1
OPENSUSE-SU-2022_4067-1
OPENSUSE-SU-2022_4069-1
SUSE-SU-2021:2636-1
SUSE-SU-2021:2637-1
SUSE-SU-2021:2638-1
SUSE-SU-2021:2795-1
SUSE-SU-2021_2636-1
SUSE-SU-2021_2637-1
SUSE-SU-2021_2638-1
SUSE-SU-2021_2795-1
SUSE-SU-2022:4067-1
SUSE-SU-2022:4068-1
SUSE-SU-2022:4069-1
USN-5006-1
USN-5006-2

Affected Products

Alt Linux
Astra Linux
Linuxmint
Php
Red Os
Suse
Ubuntu