SB2022110859 - Red Hat Enterprise Linux 8 update for the php:7.4 module
Published: November 8, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Input validation error (CVE-ID: CVE-2021-21707)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to inject arbitrary XML code.
The vulnerability exists due to insufficient validation of user-supplied input within the simplexml_load_file() PHP function when processing NULL byte character (e.g. %00). A remote attacker can pass specially crafted URL to the application and bypass implemented security restrictions.
2) Use-after-free (CVE-ID: CVE-2021-21708)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the "php_filter_float()" function. A remote attacker can pass specially crafted input to the application that uses the affected PHP function, trigger a use-after-free error and crash the php-fpm process.
3) Link following (CVE-ID: CVE-2021-32610)
CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to the application does not check if the file in the archive is a symbolic link when extracting it. A remote attacker can pass a specially crafted file to the application and overwrite arbitrary files on the system. Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Remediation
Install update from vendor's website.