CVE-2021-21703 - log

CVE-2021-21703 edited at 26 Oct 2021 13:40:27
References
+ https://www.ambionics.io/blog/php-fpm-local-root
- https://www.php.net/ChangeLog-8.php#8.0.12
- https://www.php.net/ChangeLog-7.php#7.4.25
https://bugs.php.net/bug.php?id=81026
https://github.com/php/php-src/commit/ea58ca0aff4ba3e82f926863e5f997d5fd3371f3
https://github.com/php/php-src/commit/81bf9b1a9f6def4a6f742a6b41ddc92005ab638f
CVE-2021-21703 edited at 25 Oct 2021 10:29:33
References
https://www.php.net/ChangeLog-8.php#8.0.12
+ https://www.php.net/ChangeLog-7.php#7.4.25
https://bugs.php.net/bug.php?id=81026
https://github.com/php/php-src/commit/ea58ca0aff4ba3e82f926863e5f997d5fd3371f3
https://github.com/php/php-src/commit/81bf9b1a9f6def4a6f742a6b41ddc92005ab638f
CVE-2021-21703 edited at 21 Oct 2021 11:57:05
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ A security issue was found in PHP before versions 8.0.12 and 7.4.25 in the PHP-FPM component. An out-of-bounds read/write in the root FPM at arbitrary locations using pointers located in the SHM can lead to a privilege escalation from www-data to root.
References
+ https://www.php.net/ChangeLog-8.php#8.0.12
+ https://bugs.php.net/bug.php?id=81026
+ https://github.com/php/php-src/commit/ea58ca0aff4ba3e82f926863e5f997d5fd3371f3
+ https://github.com/php/php-src/commit/81bf9b1a9f6def4a6f742a6b41ddc92005ab638f
Notes
CVE-2021-21703 created at 21 Oct 2021 11:49:00