CVE-2021-21704
published 2021-10-04CVE-2021-21704: In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause…
PriorityP431medium5.9CVSS 3.1
AVNACHPRNUINSUCNINAH
EPSS
1.72%
74.7th percentile
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php7.4 | < php7.4 7.4.21-1+deb11u1 (bullseye) | php7.4 7.4.21-1+deb11u1 (bullseye) |
| linux | linux_kernel | >= 0 < 4.4.0-278.312 | 4.4.0-278.312 |
| linux | linux_kernel | >= 0 < 4.15.0-247.259 | 4.15.0-247.259 |
| msrc | cbl2_php_on_cbl_mariner_2.0 | — | — |
| php | php | >= 7.3.0 < 7.3.29 | 7.3.29 |
| php | php | >= 7.4.0 < 7.4.21 | 7.4.21 |
| php | php | >= 8.0.0 < 8.0.8 | 8.0.8 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.29+esm14 | 5.5.9+dfsg-1ubuntu4.29+esm14 |
| php_group | php | >= 7.3.x < 7.3.29 | 7.3.29 |
| php_group | php | >= 7.4.x < 7.4.21 | 7.4.21 |
| php_group | php | >= 8.0.X < 8.0.8 | 8.0.8 |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv5.9MEDIUM
vendor_debian5.0MEDIUM
vendor_msrc5.0MEDIUM
vendor_redhat5.0MEDIUM
vendor_ubuntu4.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Festo Didactic SE MES PC
cisa_ics·2026-01-27·CVSS 7.5
[HIGH] Festo Didactic SE MES PC
ICS Advisory
##
Festo Didactic SE MES PC
Release DateJanuary 27, 2026
Alert CodeICSA-26-027-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications. MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
The
Microsoft
Multiple vulnerabilities in Firebird client extension
vendor_msrc·2021-10-12·CVSS 5.0
CVE-2021-21704 [MEDIUM] CWE-125 Multiple vulnerabilities in Firebird client extension
Multiple vulnerabilities in Firebird client extension
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
php: php
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.micro
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2021-07-13·CVSS 4.8
CVE-2021-21702 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
USN-5006-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that PHP incorrectly handled certain PHAR files. A remote
attacker could possibly use this issue to cause PHP to crash, resulting in
a denial of service, or possibly obtain sensitive information. (CVE-2020-7068)
It was discovered that PHP incorrectly handled parsing URLs with passwords.
A remote attacker could possibly use this issue to cause PHP to mis-parse
the URL and produce wrong data. (CVE-2020-7071)
It was discovered that PHP incorrectly handled certain malformed XML data
when being parsed by the SOAP extension. A remot
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2021-07-07·CVSS 4.8
CVE-2020-7071 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that PHP incorrectly handled certain PHAR files. A remote
attacker could possibly use this issue to cause PHP to crash, resulting in
a denial of service, or possibly obtain sensitive information. This issue
only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7068)
It was discovered that PHP incorrectly handled parsing URLs with passwords.
A remote attacker could possibly use this issue to cause PHP to mis-parse
the URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-7071)
It was discovered that PHP incorrectly handled certain malformed XML data
when being parsed by the SOAP extension. A remote attacker could possibl
Red Hat
php: security issues in pdo_firebase module
vendor_redhat·2021-07-01·CVSS 5.0
CVE-2021-21704 [MEDIUM] CWE-20 php: security issues in pdo_firebase module
php: security issues in pdo_firebase module
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
Several flaws has been found in php. The pdo_firebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the response before calculation of the exec procedure leading to a
Debian
CVE-2021-21704: php7.4 - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, wh...
vendor_debian·2021·CVSS 5.0
CVE-2021-21704 [MEDIUM] CVE-2021-21704: php7.4 - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, wh...
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
Scope: local
bullseye: resolved (fixed in 7.4.21-1+deb11u1)
OSV
linux-azure, linux-azure-4.15 vulnerabilities
osv·2026-03-24·CVSS 4.7
linux-azure, linux-azure-4.15 vulnerabilities
linux-azure, linux-azure-4.15 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- MMC subsystem;
- Network drivers;
- USB Device Class drivers;
- BTRFS file system;
- HFS+ file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659,
CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593,
CVE-2025-21704, CVE-2025-40215)
OSV
linux-azure vulnerabilities
osv·2026-03-24·CVSS 4.7
linux-azure vulnerabilities
linux-azure vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- MMC subsystem;
- Network drivers;
- USB Device Class drivers;
- BTRFS file system;
- HFS+ file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659,
CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593,
CVE-2025-21704, CVE-2025-40215)
OSV
linux-azure-fips vulnerabilities
osv·2026-03-24·CVSS 4.7
linux-azure-fips vulnerabilities
linux-azure-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- MMC subsystem;
- Network drivers;
- USB Device Class drivers;
- BTRFS file system;
- HFS+ file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659,
CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593,
CVE-2025-21704, CVE-2025-40215)
OSV
linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
osv·2026-03-20·CVSS 4.7
linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- MMC subsystem;
- Network drivers;
- USB Device Class drivers;
- BTRFS file system;
- HFS+ file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659,
CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593,
CVE-2025-21704, CVE-2025-40215)
OSV
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
osv·2026-03-20·CVSS 4.7
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- MMC subsystem;
- Network drivers;
- USB Device Class drivers;
- BTRFS file system;
- HFS+ file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659,
CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593,
CVE-2025-21704, CVE-2025-40215)
OSV
linux-aws, linux-lts-xenial vulnerabilities
osv·2026-03-04·CVSS 4.7
linux-aws, linux-lts-xenial vulnerabilities
linux-aws, linux-lts-xenial vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- MMC subsystem;
- Network drivers;
- USB Device Class drivers;
- BTRFS file system;
- File systems infrastructure;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659,
CVE-2024-49927, CVE-2024-56548, CVE-2024-56593, CVE-2025-21704,
CVE-2025-40215)
OSV
linux, linux-aws, linux-kvm vulnerabilities
osv·2026-03-04·CVSS 4.7
linux, linux-aws, linux-kvm vulnerabilities
linux, linux-aws, linux-kvm vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- MMC subsystem;
- Network drivers;
- USB Device Class drivers;
- BTRFS file system;
- File systems infrastructure;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659,
CVE-2024-49927, CVE-2024-56548, CVE-2024-56593, CVE-2025-21704,
CVE-2025-40215)
OSV
linux-fips vulnerabilities
osv·2026-03-04·CVSS 4.7
linux-fips vulnerabilities
linux-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- MMC subsystem;
- Network drivers;
- USB Device Class drivers;
- BTRFS file system;
- File systems infrastructure;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659,
CVE-2024-49927, CVE-2024-56548, CVE-2024-56593, CVE-2025-21704,
CVE-2025-40215)
GHSA
GHSA-q773-v75g-5rqg: In PHP versions 7
ghsa_unreviewed·2022-05-24
CVE-2021-21704 [MEDIUM] CWE-119 GHSA-q773-v75g-5rqg: In PHP versions 7
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
OSV
CVE-2021-21704: In PHP versions 7
osv·2021-10-04·CVSS 5.9
CVE-2021-21704 [MEDIUM] CVE-2021-21704: In PHP versions 7
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
OSV
php5, php7.0 vulnerabilities
osv·2021-07-13·CVSS 3.6
CVE-2020-7068 [LOW] php5, php7.0 vulnerabilities
php5, php7.0 vulnerabilities
USN-5006-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that PHP incorrectly handled certain PHAR files. A remote
attacker could possibly use this issue to cause PHP to crash, resulting in
a denial of service, or possibly obtain sensitive information. (CVE-2020-7068)
It was discovered that PHP incorrectly handled parsing URLs with passwords.
A remote attacker could possibly use this issue to cause PHP to mis-parse
the URL and produce wrong data. (CVE-2020-7071)
It was discovered that PHP incorrectly handled certain malformed XML data
when being parsed by the SOAP extension. A remote attacker could possibly
use this issue to cause P
OSV
php7.2, php7.4 vulnerabilities
osv·2021-07-07·CVSS 3.6
CVE-2020-7068 [LOW] php7.2, php7.4 vulnerabilities
php7.2, php7.4 vulnerabilities
It was discovered that PHP incorrectly handled certain PHAR files. A remote
attacker could possibly use this issue to cause PHP to crash, resulting in
a denial of service, or possibly obtain sensitive information. This issue
only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7068)
It was discovered that PHP incorrectly handled parsing URLs with passwords.
A remote attacker could possibly use this issue to cause PHP to mis-parse
the URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-7071)
It was discovered that PHP incorrectly handled certain malformed XML data
when being parsed by the SOAP extension. A remote attacker could possibly
use this issue to cause PHP to crash, resulting
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugs.php.net/bug.php?id=76448https://bugs.php.net/bug.php?id=76449https://bugs.php.net/bug.php?id=76450https://bugs.php.net/bug.php?id=76452https://security.gentoo.org/glsa/202209-20https://security.netapp.com/advisory/ntap-20211029-0006/https://bugs.php.net/bug.php?id=76448https://bugs.php.net/bug.php?id=76449https://bugs.php.net/bug.php?id=76450https://bugs.php.net/bug.php?id=76452https://security.gentoo.org/glsa/202209-20https://security.netapp.com/advisory/ntap-20211029-0006/
2021-10-04
Published