CVE-2021-21703

Source
Severity Medium
Remote No
Type Privilege escalation
Description
A security issue was found in the PHP-FPM component of PHP before versions 8.0.12 and 7.4.25. Pointers located in shared memory (SHM) can be used to cause out-of-bounds reads and writes at arbitrary locations in the root FPM process, which can lead to a privilege escalation from www-data to root.
Group     Package  Affected  Fixed     Severity  Status  Ticket
AVG-2487  php7     7.4.24-2  7.4.25-1  Medium    Fixed
AVG-2486  php      8.0.11-2  8.0.12-1  Medium    Fixed
References
https://www.ambionics.io/blog/php-fpm-local-root
https://bugs.php.net/bug.php?id=81026
https://github.com/php/php-src/commit/ea58ca0aff4ba3e82f926863e5f997d5fd3371f3
https://github.com/php/php-src/commit/81bf9b1a9f6def4a6f742a6b41ddc92005ab638f