Unrated severityNVD Advisory· Published Oct 4, 2021· Updated Sep 17, 2024

Multiple vulnerabilities in Firebird client extension

CVE-2021-21704

Description

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.

Affected products

Php Group/PHPv5
Range: 7.3.x

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202209-20mitrevendor-advisoryx_refsource_GENTOO
bugs.php.net/bug.phpmitrex_refsource_MISC
bugs.php.net/bug.phpmitrex_refsource_MISC
bugs.php.net/bug.phpmitrex_refsource_MISC
bugs.php.net/bug.phpmitrex_refsource_MISC
security.netapp.com/advisory/ntap-20211029-0006/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000