CVE-2021-21703

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:30

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/', 'name': 'FEDORA-2021-4140b54de2', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/', 'name': 'FEDORA-2021-02d218c3be', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/', 'name': 'FEDORA-2021-9f68f5f752', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/ -

29 Oct 2022, 02:44

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202209-20 - (GENTOO) https://security.gentoo.org/glsa/202209-20 - Third Party Advisory

29 Sep 2022, 17:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202209-20 -

28 Apr 2022, 14:42

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Vendor Advisory

20 Apr 2022, 00:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

22 Feb 2022, 14:41

Type Values Removed Values Added
First Time Oracle
Oracle communications Diameter Signaling Router
References (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Vendor Advisory
CPE cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*

07 Feb 2022, 16:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

28 Nov 2021, 23:31

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0003/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0003/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/ - Mailing List, Third Party Advisory
CPE cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

18 Nov 2021, 08:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211118-0003/ -

17 Nov 2021, 22:17

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/ -

10 Nov 2021, 01:16

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/', 'name': 'FEDORA-2021-02d218c3be', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}

04 Nov 2021, 14:27

Type Values Removed Values Added
References (MISC) https://bugs.php.net/bug.php?id=81026 - Exploit, Vendor Advisory (MISC) https://bugs.php.net/bug.php?id=81026 - Exploit, Issue Tracking, Patch, Vendor Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/10/26/7 - Mailing List, Third Party Advisory (MLIST) http://www.openwall.com/lists/oss-security/2021/10/26/7 - Mailing List, Patch, Third Party Advisory

03 Nov 2021, 16:22

Type Values Removed Values Added
CVSS v2 : 7.2
v3 : 7.8
v2 : 6.9
v3 : 7.0
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/ - Mailing List, Third Party Advisory

03 Nov 2021, 04:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/ -

28 Oct 2021, 23:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/ -
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-4992 - (DEBIAN) https://www.debian.org/security/2021/dsa-4992 - Third Party Advisory
References (MISC) https://bugs.php.net/bug.php?id=81026 - (MISC) https://bugs.php.net/bug.php?id=81026 - Exploit, Vendor Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/10/26/7 - (MLIST) http://www.openwall.com/lists/oss-security/2021/10/26/7 - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2021/dsa-4993 - (DEBIAN) https://www.debian.org/security/2021/dsa-4993 - Third Party Advisory
CPE cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 7.2
v3 : 7.8
CWE CWE-787

27 Oct 2021, 13:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html -

26 Oct 2021, 15:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/10/26/7 -

26 Oct 2021, 11:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2021/dsa-4992 -
  • (DEBIAN) https://www.debian.org/security/2021/dsa-4993 -

25 Oct 2021, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-25 06:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-21703

Mitre link : CVE-2021-21703

CVE.ORG link : CVE-2021-21703


JSON object : View

Products Affected

oracle

  • communications_diameter_signaling_router

php

  • php

debian

  • debian_linux

netapp

  • clustered_data_ontap

fedoraproject

  • fedora
CWE
CWE-787

Out-of-bounds Write

CWE-284

Improper Access Control