From 3435184dd35ecb051a78472e233f9220a2a73ae3 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev
Date: Sun, 3 Oct 2021 20:56:24 -0700
Subject: [PATCH] Update latest PHP CVEs
---
2021/21xxx/CVE-2021-21704.json | 124 +++++++++++++++++++++++++++++++--
2021/21xxx/CVE-2021-21705.json | 100 ++++++++++++++++++++++++--
2021/21xxx/CVE-2021-21706.json | 103 +++++++++++++++++++++++++--
3 files changed, 309 insertions(+), 18 deletions(-)
diff --git a/2021/21xxx/CVE-2021-21704.json b/2021/21xxx/CVE-2021-21704.json
index baa93635291..13eb6addc2c 100644
--- a/2021/21xxx/CVE-2021-21704.json
+++ b/2021/21xxx/CVE-2021-21704.json
@@ -1,18 +1,130 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@php.net", + "DATE_PUBLIC": "2021-06-21T11:41:00.000Z", "ID": "CVE-2021-21704", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Multiple vulnerabilities in Firebird client extension" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.3.x", + "version_value": "7.3.29" + }, + { + "version_affected": "<", + "version_name": "7.4.x", + "version_value": "7.4.21" + }, + { + "version_affected": "<", + "version_name": "8.0.X", + "version_value": "8.0.8" + } + ] + } + } + ] + }, + "vendor_name": "PHP Group" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "reported by trichimtrich at gmail dot com" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption. 
" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-190 Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=76448" + }, + { + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=76449" + }, + { + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=76450" + }, + { + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=76452" + } + ] + }, + "source": { + "defect": [ + "https://bugs.php.net/bug.php?id=76448", + "https://bugs.php.net/bug.php?id=76449", + "https://bugs.php.net/bug.php?id=76450", + "https://bugs.php.net/bug.php?id=76452", + "" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21705.json b/2021/21xxx/CVE-2021-21705.json index a749284ee5d..f5c7f0578b4 100644 --- a/2021/21xxx/CVE-2021-21705.json +++ b/2021/21xxx/CVE-2021-21705.json 
@@ -1,18 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@php.net", + "DATE_PUBLIC": "2021-06-28T11:41:00.000Z", "ID": "CVE-2021-21705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Incorrect URL validation in FILTER_VALIDATE_URL" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "7.3.x", + "version_value": "7.3.29" + }, + { + "version_affected": "<", + "version_name": "7.4.x", + "version_value": "7.4.21" + }, + { + "version_affected": "<", + "version_name": "8.0.X", + "version_value": "8.0.8" + } + ] + } + } + ] + }, + "vendor_name": "PHP Group" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "reported by vi at hackberry dot xyz" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision. 
" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=81122" + } + ] + }, + "source": { + "defect": [ + "https://bugs.php.net/bug.php?id=81122" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/21xxx/CVE-2021-21706.json b/2021/21xxx/CVE-2021-21706.json index b5f3490c0c7..737dcce9268 100644 --- a/2021/21xxx/CVE-2021-21706.json +++ b/2021/21xxx/CVE-2021-21706.json 
@@ -1,18 +1,109 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@php.net", + "DATE_PUBLIC": "2021-09-21T11:32:00.000Z", "ID": "CVE-2021-21706", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "ZipArchive::extractTo may extract outside of destination dir" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "platform": "Windows", + "version_affected": "<", + "version_name": "7.3.x", + "version_value": "7.3.31" + }, + { + "platform": "Windows", + "version_affected": "<", + "version_name": "7.4.x", + "version_value": "7.4.24" + }, + { + "platform": "Windows", + "version_affected": "<", + "version_name": "8.0.X", + "version_value": "8.0.11" + } + ] + } + } + ] + }, + "vendor_name": "PHP Group" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "reported by vi at hackberry dot xyz" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. 
" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-24 Path Traversal: '../filedir'" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=81420" + } + ] + }, + "source": { + "defect": [ + "https://bugs.php.net/bug.php?id=81420" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file