Unrated severityNVD Advisory· Published Oct 4, 2021· Updated Sep 17, 2024
Multiple vulnerabilities in Firebird client extension
CVE-2021-21704
Description
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
40- osv-coords38 versionspkg:bitnami/libphppkg:bitnami/phppkg:bitnami/php-minpkg:rpm/opensuse/php7&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/php7&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/php7&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/php7-test&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/php7-test&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/php72&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php72&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/php74&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php74&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/php7&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/php7&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/php7&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/php7&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/php7&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/php7&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/php7&distro=SUSE%20Manager%20Server%204.0pkg:rpm/suse/php7&distro=SUSE%20Manager%20Server%204.1
>= 7.3.0, < 7.3.29+ 37 more
- (no CPE)range: >= 7.3.0, < 7.3.29
- (no CPE)range: >= 7.3.0, < 7.3.29
- (no CPE)range: >= 7.3.0, < 7.3.29
- (no CPE)range: < 7.4.6-lp152.2.18.1
- (no CPE)range: < 7.4.33-150200.3.46.2
- (no CPE)range: < 7.2.34-150000.4.103.1
- (no CPE)range: < 7.4.6-lp152.2.18.1
- (no CPE)range: < 7.4.33-150200.3.46.2
- (no CPE)range: < 7.2.5-1.66.1
- (no CPE)range: < 7.2.5-1.66.1
- (no CPE)range: < 7.4.6-1.24.1
- (no CPE)range: < 7.4.6-1.24.1
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.4.33-150200.3.46.2
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.4.33-150200.3.46.2
- (no CPE)range: < 7.4.33-150200.3.46.2
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.4.6-3.22.1
- (no CPE)range: < 7.4.6-3.22.1
- (no CPE)range: < 7.4.6-3.22.1
- (no CPE)range: < 7.4.6-3.22.1
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.4.33-150200.3.46.2
- (no CPE)range: < 7.4.33-150200.3.46.2
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.4.33-150200.3.46.2
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.4.33-150200.3.46.2
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.4.33-150200.3.46.2
- (no CPE)range: < 7.2.5-4.79.1
- (no CPE)range: < 7.4.33-150200.3.46.2
Patches
Vulnerability mechanics
References
6- security.gentoo.org/glsa/202209-20mitrevendor-advisoryx_refsource_GENTOO
- bugs.php.net/bug.phpmitrex_refsource_MISC
- bugs.php.net/bug.phpmitrex_refsource_MISC
- bugs.php.net/bug.phpmitrex_refsource_MISC
- bugs.php.net/bug.phpmitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20211029-0006/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.