CVE-2021-21704 MEDIUM

CVE-2021-21704: Multiple vulnerabilities in Firebird client extension

Vendor PHP Group
Product PHP
Weakness CWE-125
Published October 4, 2021
Last update September 17, 2024

CVSS base score

5.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when the Firebird PDO driver extension is in use, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others, by returning invalid response data that the driver does not parse correctly. This can result in crashes, denial of service or potentially memory corruption.

Key dates

02 Disclosure timeline

October 4, 2021 CVE published
September 17, 2024 Record updated