CVE-2021-21708 — Use After Free in Group PHP

CWE-416 — Use After Free9 documents9 sources

Severity

9.8CRITICALNVD

CNA8.2

EPSS

0.2%

top 55.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP Group PHP PHP

Timeline

PublishedFeb 27

Latest updateOct 15

Description

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDphp/php7.4.0 — 7.4.28+2

▶CVEListV5php_group/php7.4.x — 7.4.28+2

Patches

Patch: bugs.php.net ↗Patch: bugs.php.net ↗

🔴Vulnerability Details

GHSA

GHSA-g9qg-rg7j-whhx: In PHP versions 7↗2022-02-28

▶

OSV

CVE-2021-21708: In PHP versions 7↗2022-02-27

▶

CVEList

UAF due to php_filter_float() failing↗2022-02-27

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Platform (PHP) — CVE-2021-21708↗2022-10-15

▶

Ubuntu

PHP vulnerability↗2022-02-28

▶

Red Hat

php: Use after free due to php_filter_float() failing for ints↗2022-02-17

▶

Microsoft

UAF due to php_filter_float() failing↗2022-02-08

▶

Debian

CVE-2021-21708: php7.4 - In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, w...↗2021

▶