CVE-2021-21702 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	A security issue was found in PHP before versions 8.0.2, 7.4.15 and 7.3.27. PHP will crash with a SIGSEGV via null-pointer dereference whenever an XML is provided to the SoapClient query() function without an existing field. The issue is fixed in versions 8.0.2, 7.4.15 and 7.3.27.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1532	php7	7.4.14-1	7.4.15-1	Medium	Fixed
AVG-1531	php	8.0.1-1	8.0.2-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
07 Feb 2021	ASA-202102-15	AVG-1531	php	Medium	denial of service
06 Feb 2021	ASA-202102-14	AVG-1532	php7	Medium	denial of service

References
https://bugs.php.net/bug.php?id=80672 https://git.php.net/?p=php-src.git;a=commitdiff;h=f733ee195462201b2cbd1d17df2f752ee88771ba https://git.php.net/?p=php-src.git;a=commitdiff;h=91655b45ea0a81f2d3003a7e6604e5f419d84df4 https://git.php.net/?p=php-src.git;a=commitdiff;h=3c939e3f69955d087e0bb671868f7267dfb2a502

References

https://bugs.php.net/bug.php?id=80672
https://git.php.net/?p=php-src.git;a=commitdiff;h=f733ee195462201b2cbd1d17df2f752ee88771ba
https://git.php.net/?p=php-src.git;a=commitdiff;h=91655b45ea0a81f2d3003a7e6604e5f419d84df4
https://git.php.net/?p=php-src.git;a=commitdiff;h=3c939e3f69955d087e0bb671868f7267dfb2a502