Main Vulnerability Database Exploits ID:7360 - Exploit for Use-after-free in PHP - CVE-2021-21708

ID:7360 - Exploit for Use-after-free in PHP - CVE-2021-21708

Published: February 18, 2022

Vulnerability identifier: #VU60707

Vulnerability risk: Medium

CVE-ID: CVE-2021-21708

CWE-ID: CWE-416

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://github.com/MrdUkk/php-sigsegv

Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the "php_filter_float()" function. A remote attacker can pass specially crafted input to the application that uses the affected PHP function, trigger a use-after-free error and crash the php-fpm process.

Remediation

Install updates from vendor's website.

ID:7360 - Exploit for Use-after-free in PHP - CVE-2021-21708

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human