Lucene search

K
f5F5F5:K14492558
HistoryMar 23, 2022 - 12:00 a.m.

K14492558 : PHP vulnerability CVE-2021-21708

2022-03-2300:00:00
my.f5.com
67

AI Score

9.3

Confidence

High

EPSS

0.003

Percentile

71.2%

Security Advisory Description

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. (CVE-2021-21708)

Impact

There is no impact; F5 products are not affected by this vulnerability.