vulnerability
SUSE: CVE-2021-21708: SUSE Linux Security Advisory
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Feb 27, 2022 | Mar 2, 2022 | Dec 13, 2022 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Feb 27, 2022
Added
Mar 2, 2022
Modified
Dec 13, 2022
Description
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Solution(s)
suse-upgrade-apache2-mod_php7suse-upgrade-apache2-mod_php74suse-upgrade-php7suse-upgrade-php7-bcmathsuse-upgrade-php7-bz2suse-upgrade-php7-calendarsuse-upgrade-php7-clisuse-upgrade-php7-ctypesuse-upgrade-php7-curlsuse-upgrade-php7-dbasuse-upgrade-php7-develsuse-upgrade-php7-domsuse-upgrade-php7-embedsuse-upgrade-php7-enchantsuse-upgrade-php7-exifsuse-upgrade-php7-fastcgisuse-upgrade-php7-fileinfosuse-upgrade-php7-firebirdsuse-upgrade-php7-fpmsuse-upgrade-php7-ftpsuse-upgrade-php7-gdsuse-upgrade-php7-gettextsuse-upgrade-php7-gmpsuse-upgrade-php7-iconvsuse-upgrade-php7-intlsuse-upgrade-php7-jsonsuse-upgrade-php7-ldapsuse-upgrade-php7-mbstringsuse-upgrade-php7-mysqlsuse-upgrade-php7-odbcsuse-upgrade-php7-opcachesuse-upgrade-php7-opensslsuse-upgrade-php7-pcntlsuse-upgrade-php7-pdosuse-upgrade-php7-pgsqlsuse-upgrade-php7-pharsuse-upgrade-php7-posixsuse-upgrade-php7-readlinesuse-upgrade-php7-shmopsuse-upgrade-php7-snmpsuse-upgrade-php7-soapsuse-upgrade-php7-socketssuse-upgrade-php7-sodiumsuse-upgrade-php7-sqlitesuse-upgrade-php7-sysvmsgsuse-upgrade-php7-sysvsemsuse-upgrade-php7-sysvshmsuse-upgrade-php7-testsuse-upgrade-php7-tidysuse-upgrade-php7-tokenizersuse-upgrade-php7-xmlreadersuse-upgrade-php7-xmlrpcsuse-upgrade-php7-xmlwritersuse-upgrade-php7-xslsuse-upgrade-php7-zipsuse-upgrade-php7-zlibsuse-upgrade-php74suse-upgrade-php74-bcmathsuse-upgrade-php74-bz2suse-upgrade-php74-calendarsuse-upgrade-php74-ctypesuse-upgrade-php74-curlsuse-upgrade-php74-dbasuse-upgrade-php74-develsuse-upgrade-php74-domsuse-upgrade-php74-enchantsuse-upgrade-php74-exifsuse-upgrade-php74-fastcgisuse-upgrade-php74-fileinfosuse-upgrade-php74-fpmsuse-upgrade-php74-ftpsuse-upgrade-php74-gdsuse-upgrade-php74-gettextsuse-upgrade-php74-gmpsuse-upgrade-php74-iconvsuse-upgrade-php74-intlsuse-upgrade-php74-jsonsuse-upgrade-php74-ldapsuse-upgrade-php74-mbstringsuse-upgrade-php74-mysqlsuse-upgrade-php74-odbcsuse-upgrade-php74-opcachesuse-upgrade-php74-opensslsuse-upgrade-php74-pcntlsuse-upgrade-php74-pdosuse-upgrade-php74-pgsqlsuse-upgrade-php74-pharsuse-upgrade-php74-posixsuse-upgrade-php74-readlinesuse-upgrade-php74-shmopsuse-upgrade-php74-snmpsuse-upgrade-php74-soapsuse-upgrade-php74-socketssuse-upgrade-php74-sodiumsuse-upgrade-php74-sqlitesuse-upgrade-php74-sysvmsgsuse-upgrade-php74-sysvsemsuse-upgrade-php74-sysvshmsuse-upgrade-php74-tidysuse-upgrade-php74-tokenizersuse-upgrade-php74-xmlreadersuse-upgrade-php74-xmlrpcsuse-upgrade-php74-xmlwritersuse-upgrade-php74-xslsuse-upgrade-php74-zipsuse-upgrade-php74-zlib

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.