UBUNTU-CVE-2021-21706
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2021-21706
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-21706.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-21706
- Related
- Published
- 2021-10-04T04:15:00Z
- Modified
- 2021-10-04T04:15:00Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
- References
Affected packages
Ubuntu:22.04:LTS / php8.1
Package
- Name
- php8.1
- Purl
- pkg:deb/ubuntu/php8.1@8.1.0-1?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.1.0-1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "negligible",
"binaries": [
{
"php8.1-pgsql": "8.1.0-1",
"php8.1": "8.1.0-1",
"php8.1-soap-dbgsym": "8.1.0-1",
"libapache2-mod-php8.1": "8.1.0-1",
"php8.1-fpm-dbgsym": "8.1.0-1",
"php8.1-zip-dbgsym": "8.1.0-1",
"php8.1-xml": "8.1.0-1",
"libphp8.1-embed": "8.1.0-1",
"php8.1-intl-dbgsym": "8.1.0-1",
"php8.1-curl-dbgsym": "8.1.0-1",
"php8.1-pspell-dbgsym": "8.1.0-1",
"php8.1-tidy-dbgsym": "8.1.0-1",
"php8.1-enchant-dbgsym": "8.1.0-1",
"php8.1-imap-dbgsym": "8.1.0-1",
"php8.1-cgi-dbgsym": "8.1.0-1",
"php8.1-mysql": "8.1.0-1",
"php8.1-odbc-dbgsym": "8.1.0-1",
"php8.1-bz2": "8.1.0-1",
"php8.1-interbase": "8.1.0-1",
"php8.1-readline": "8.1.0-1",
"php8.1-odbc": "8.1.0-1",
"php8.1-phpdbg": "8.1.0-1",
"php8.1-gd-dbgsym": "8.1.0-1",
"php8.1-sybase-dbgsym": "8.1.0-1",
"php8.1-opcache": "8.1.0-1",
"php8.1-intl": "8.1.0-1",
"php8.1-mbstring": "8.1.0-1",
"php8.1-common-dbgsym": "8.1.0-1",
"libapache2-mod-php8.1-dbgsym": "8.1.0-1",
"php8.1-xml-dbgsym": "8.1.0-1",
"php8.1-bcmath": "8.1.0-1",
"php8.1-cgi": "8.1.0-1",
"php8.1-pgsql-dbgsym": "8.1.0-1",
"php8.1-bcmath-dbgsym": "8.1.0-1",
"php8.1-readline-dbgsym": "8.1.0-1",
"php8.1-common": "8.1.0-1",
"php8.1-sqlite3-dbgsym": "8.1.0-1",
"php8.1-tidy": "8.1.0-1",
"php8.1-snmp-dbgsym": "8.1.0-1",
"php8.1-dev": "8.1.0-1",
"php8.1-dba-dbgsym": "8.1.0-1",
"php8.1-snmp": "8.1.0-1",
"php8.1-opcache-dbgsym": "8.1.0-1",
"php8.1-ldap": "8.1.0-1",
"php8.1-bz2-dbgsym": "8.1.0-1",
"php8.1-curl": "8.1.0-1",
"php8.1-gmp": "8.1.0-1",
"php8.1-sybase": "8.1.0-1",
"php8.1-cli": "8.1.0-1",
"php8.1-fpm": "8.1.0-1",
"php8.1-xsl": "8.1.0-1",
"php8.1-cli-dbgsym": "8.1.0-1",
"php8.1-gd": "8.1.0-1",
"php8.1-enchant": "8.1.0-1",
"php8.1-ldap-dbgsym": "8.1.0-1",
"php8.1-dba": "8.1.0-1",
"php8.1-zip": "8.1.0-1",
"php8.1-imap": "8.1.0-1",
"php8.1-interbase-dbgsym": "8.1.0-1",
"php8.1-mysql-dbgsym": "8.1.0-1",
"php8.1-gmp-dbgsym": "8.1.0-1",
"php8.1-phpdbg-dbgsym": "8.1.0-1",
"php8.1-sqlite3": "8.1.0-1",
"libphp8.1-embed-dbgsym": "8.1.0-1",
"php8.1-pspell": "8.1.0-1",
"php8.1-mbstring-dbgsym": "8.1.0-1",
"php8.1-soap": "8.1.0-1"
}
]
}