UBUNTU-CVE-2021-3838

Source
https://ubuntu.com/security/CVE-2021-3838
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-3838.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-3838
Related
Published
2023-02-14T00:00:00Z
Modified
2024-11-21T16:31:32Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code.

References

Affected packages

Ubuntu:Pro:16.04:LTS / php-dompdf

Package

Name
php-dompdf
Purl
pkg:deb/ubuntu/php-dompdf?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.1+dfsg-2ubuntu1+esm1

Affected versions

0.*

0.6.1+dfsg-2
0.6.1+dfsg-2build1
0.6.1+dfsg-2ubuntu1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.6.1+dfsg-2ubuntu1+esm1",
            "binary_name": "php-dompdf"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / php-dompdf

Package

Name
php-dompdf
Purl
pkg:deb/ubuntu/php-dompdf?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.2+dfsg-3ubuntu0.18.04.1~esm1

Affected versions

0.*

0.6.2+dfsg-3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.6.2+dfsg-3ubuntu0.18.04.1~esm1",
            "binary_name": "php-dompdf"
        }
    ]
}

Ubuntu:20.04:LTS / php-dompdf

Package

Name
php-dompdf
Purl
pkg:deb/ubuntu/php-dompdf?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.2+dfsg-3ubuntu0.20.04.1

Affected versions

0.*

0.6.2+dfsg-3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.6.2+dfsg-3ubuntu0.20.04.1",
            "binary_name": "php-dompdf"
        }
    ]
}

Ubuntu:22.04:LTS / php-dompdf

Package

Name
php-dompdf
Purl
pkg:deb/ubuntu/php-dompdf?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.2+dfsg-3.1ubuntu0.1

Affected versions

0.*

0.6.2+dfsg-3.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.6.2+dfsg-3.1ubuntu0.1",
            "binary_name": "php-dompdf"
        }
    ]
}