Description
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using the Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others, by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
References (6)
Core References
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://bugs.php.net/bug.php?id=76448
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://bugs.php.net/bug.php?id=76449
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://bugs.php.net/bug.php?id=76450
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://bugs.php.net/bug.php?id=76452
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20211029-0006/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202209-20
Scores
CVSS v3
5.0
EPSS
0.0015
EPSS Percentile
35.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-190
CWE-125
CWE-787
Status
published
Products (2)
netapp/clustered_data_ontap
php/php
7.3.0 - 7.3.29
Published
Oct 04, 2021
Tracked Since
Feb 18, 2026