CVE-2021-21702 - log back

CVE-2021-21702 edited at 06 Feb 2021 16:54:59
Description
- A security issue was found in PHP before versions 8.0.2, 7.4.15 and 7.3.27. PHP will crash with a SIGSEGV whenever an XML is provided to the SoapClient query() function without an existing field. The issue is fixed in versions 8.0.2, 7.4.15 and 7.3.27.
+ A security issue was found in PHP before versions 8.0.2, 7.4.15 and 7.3.27. PHP will crash with a SIGSEGV via null-pointer dereference whenever an XML is provided to the SoapClient query() function without an existing field. The issue is fixed in versions 8.0.2, 7.4.15 and 7.3.27.
CVE-2021-21702 edited at 04 Feb 2021 19:36:14
Description
- A security issue was found in PHP before version 8.0.2. PHP will crash with a SIGSEGV whenever an XML is provided to the SoapClient query() function without an existing field. The issue is fixed in version 8.0.2.
+ A security issue was found in PHP before versions 8.0.2, 7.4.15 and 7.3.27. PHP will crash with a SIGSEGV whenever an XML is provided to the SoapClient query() function without an existing field. The issue is fixed in versions 8.0.2, 7.4.15 and 7.3.27.
References
https://bugs.php.net/bug.php?id=80672
https://git.php.net/?p=php-src.git;a=commitdiff;h=f733ee195462201b2cbd1d17df2f752ee88771ba
+ https://git.php.net/?p=php-src.git;a=commitdiff;h=91655b45ea0a81f2d3003a7e6604e5f419d84df4
+ https://git.php.net/?p=php-src.git;a=commitdiff;h=3c939e3f69955d087e0bb671868f7267dfb2a502
CVE-2021-21702 edited at 04 Feb 2021 19:27:01
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A security issue was found in PHP before version 8.0.2. PHP will crash with a SIGSEGV whenever an XML is provided to the SoapClient query() function without an existing field. The issue is fixed in version 8.0.2.
References
+ https://bugs.php.net/bug.php?id=80672
+ https://git.php.net/?p=php-src.git;a=commitdiff;h=f733ee195462201b2cbd1d17df2f752ee88771ba
Notes
CVE-2021-21702 created at 04 Feb 2021 19:25:11