CVE-2021-21704

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-21704

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21704.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-21704

Aliases

Downstream

DEBIAN-CVE-2021-21704

DLA-2708-1

DSA-4935-1

OESA-2021-1389

SUSE-SU-2021:2636-1

SUSE-SU-2021:2637-1

SUSE-SU-2021:2638-1

SUSE-SU-2021:2795-1

SUSE-SU-2022:4067-1

SUSE-SU-2022:4068-1

SUSE-SU-2022:4069-1

UBUNTU-CVE-2021-21704

USN-5006-1

USN-5006-2

openSUSE-SU-2021:1130-1

openSUSE-SU-2021:2637-1

openSUSE-SU-2021:2795-1

Related

Published

2021-10-04T04:15:07Z

Modified

2025-10-15T04:36:23Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type: GIT
Repo: https://github.com/php/php-src
Events: Introduced

52ace952a1b65ca80fc2617f11c2fa6dd03f51bd

Fixed

0960f2cdcf27e843ab5102559d291de9997739ea