---

CVE-2021-21703 - log back

CVE-2021-21703 edited at 26 Oct 2021 13:40:27
References	+ https://www.ambionics.io/blog/php-fpm-local-root - https://www.php.net/ChangeLog-8.php#8.0.12 - https://www.php.net/ChangeLog-7.php#7.4.25 https://bugs.php.net/bug.php?id=81026 https://github.com/php/php-src/commit/ea58ca0aff4ba3e82f926863e5f997d5fd3371f3 https://github.com/php/php-src/commit/81bf9b1a9f6def4a6f742a6b41ddc92005ab638f

CVE-2021-21703 edited at 25 Oct 2021 10:29:33
References	https://www.php.net/ChangeLog-8.php#8.0.12 + https://www.php.net/ChangeLog-7.php#7.4.25 https://bugs.php.net/bug.php?id=81026 https://github.com/php/php-src/commit/ea58ca0aff4ba3e82f926863e5f997d5fd3371f3 https://github.com/php/php-src/commit/81bf9b1a9f6def4a6f742a6b41ddc92005ab638f

CVE-2021-21703 edited at 21 Oct 2021 11:57:05
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Privilege escalation
Description	+ A security issue was found in PHP before versions 8.0.12 and 7.4.25 in the PHP-FPM component. An out-of-bounds read/write in the root FPM at arbitrary locations using pointers located in the SHM can lead to a privilege escalation from www-data to root.
References	+ https://www.php.net/ChangeLog-8.php#8.0.12 + https://bugs.php.net/bug.php?id=81026 + https://github.com/php/php-src/commit/ea58ca0aff4ba3e82f926863e5f997d5fd3371f3 + https://github.com/php/php-src/commit/81bf9b1a9f6def4a6f742a6b41ddc92005ab638f
Notes

CVE-2021-21703 created at 21 Oct 2021 11:49:00