CVE-2021-21704
published 2021-10-04


Priority: P431
Severity: medium, 5.9 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.72% (74.7th percentile)
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.

Affected

11 ranges

Vendor | Product | Version range | Fixed in
debian | php7.4 | < php7.4 7.4.21-1+deb11u1 (bullseye) | php7.4 7.4.21-1+deb11u1 (bullseye)
linux | linux_kernel | >= 0 < 4.4.0-278.312 | 4.4.0-278.312
linux | linux_kernel | >= 0 < 4.15.0-247.259 | 4.15.0-247.259
msrc | cbl2_php_on_cbl_mariner_2.0 | (not stated) | (not stated)
php | php | >= 7.3.0 < 7.3.29 | 7.3.29
php | php | >= 7.4.0 < 7.4.21 | 7.4.21
php | php | >= 8.0.0 < 8.0.8 | 8.0.8
php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.29+esm14 | 5.5.9+dfsg-1ubuntu4.29+esm14
php_group | php | >= 7.3.x < 7.3.29 | 7.3.29
php_group | php | >= 7.4.x < 7.4.21 | 7.4.21
php_group | php | >= 8.0.X < 8.0.8 | 8.0.8

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P
osv | (not stated) | 5.9 | MEDIUM | (not stated)
vendor_debian | (not stated) | 5.0 | MEDIUM | (not stated)
vendor_msrc | (not stated) | 5.0 | MEDIUM | (not stated)
vendor_redhat | (not stated) | 5.0 | MEDIUM | (not stated)
vendor_ubuntu | (not stated) | 4.8 | MEDIUM | (not stated)