Vulnerability CVE-2021-21704
Published: 2021-10-04
Description:
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using the Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others, by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
Type:
CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial
References:
https://bugs.php.net/bug.php?id=76450
https://bugs.php.net/bug.php?id=76452
https://bugs.php.net/bug.php?id=76449
https://bugs.php.net/bug.php?id=76448
Copyright 2024, cxsecurity.com