Lucene search
F5F5:K14492558HistoryMar 23, 2022 - 12:00 a.m.
K14492558 : PHP vulnerability CVE-2021-21708
2022-03-2300:00:00
my.f5.com
72
php version 7.4.28
php version 8.0.16
php version 8.1.3
filter_validate_float
memory allocation
rce
Security Advisory Description
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. (CVE-2021-21708)
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
veracode
veracode
Denial Of Service (DoS)
2022-02-18 16:08:38
nvd
nvd
CVE-2021-21708
2022-02-27 08:15:06
fedora
fedora
[SECURITY] Fedora 34 Update: php-7.4.28-1.fc34
2022-02-23 16:15:14
[SECURITY] Fedora 35 Update: php-8.0.16-1.fc35
2022-02-22 19:12:07
cbl_mariner
cbl_mariner
CVE-2021-21708 affecting package php 7.4.14-3
2024-10-01 09:12:11
openvas
openvas
Slackware: Security Advisory (SSA:2022-048-02)
2022-04-21 00:00:00
Ubuntu: Security Advisory (USN-5303-1)
2022-03-01 00:00:00
osv
osv
CVE-2021-21708
2022-02-27 08:15:06
php8-8.1.3-1.1 on GA media
2024-06-15 00:00:00
php7.4, php8.0 vulnerability
2022-02-28 12:20:07
slackware
slackware
[slackware-security] php
2022-02-18 05:43:10
altlinux
altlinux
Security fix for the ALT Linux 10 package php8.1 version 8.1.3-alt1
2022-02-28 00:00:00
Security fix for the ALT Linux 10 package php7 version 7.4.28-alt1
2022-03-01 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 8.0.16-alt1
2022-02-28 00:00:00
ubuntu
ubuntu
PHP vulnerability
2022-02-28 00:00:00
cve
cve
CVE-2021-21708
2022-02-27 08:15:06
prion
prion
Memory corruption
2022-02-27 08:15:00
nessus
nessus
Ubuntu 20.04 LTS : PHP vulnerability (USN-5303-1)
2022-02-28 00:00:00
SUSE SLES15 Security Update : php7 (SUSE-SU-2022:0847-1)
2022-03-16 00:00:00
openSUSE 15 Security Update : php7 (openSUSE-SU-2022:0847-1)
2022-03-17 00:00:00
debiancve
debiancve
CVE-2021-21708
2022-02-27 08:15:06
ubuntucve
ubuntucve
CVE-2021-21708
2021-12-31 00:00:00
alpinelinux
alpinelinux
CVE-2021-21708
2022-02-27 08:15:06
suse
suse
Security update for php7 (important)
2022-03-15 00:00:00
redhatcve
redhatcve
CVE-2021-21708
2022-02-17 21:21:43
cvelist
cvelist
CVE-2021-21708 UAF due to php_filter_float() failing
2022-02-27 08:00:12
oraclelinux
oraclelinux
php security, bug fix, and enhancement update
2022-11-22 00:00:00
php:8.0 security, bug fix, and enhancement update
2022-11-15 00:00:00
php:7.4 security, bug fix, and enhancement update
2022-11-15 00:00:00
redhat
redhat
(RHSA-2022:8197) Moderate: php security, bug fix, and enhancement update
2022-11-15 06:18:21
(RHSA-2022:7624) Moderate: php:8.0 security, bug fix, and enhancement update
2022-11-08 06:24:57
(RHSA-2022:7628) Moderate: php:7.4 security, bug fix, and enhancement update
2022-11-08 06:25:00
rocky
rocky
php security, bug fix, and enhancement update
2022-11-15 06:18:21
php:8.0 security, bug fix, and enhancement update
2022-11-08 06:24:57
php:7.4 security, bug fix, and enhancement update
2022-11-08 06:25:00
debian
debian
[SECURITY] [DSA 5082-1] php7.4 security update
2022-02-18 19:09:20
almalinux
almalinux
Moderate: php:8.0 security, bug fix, and enhancement update
2022-11-08 00:00:00
Moderate: php security, bug fix, and enhancement update
2022-11-15 00:00:00
Moderate: php:7.4 security, bug fix, and enhancement update
2022-11-08 00:00:00
ibm
ibm
gentoo
gentoo
PHP: Multiple Vulnerabilities
2022-09-29 00:00:00
redos
redos
ROS-20220826-01
2022-08-26 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00