Lucene search

K
ubuntuUbuntuUSN-5125-1
HistoryOct 27, 2021 - 12:00 a.m.

PHP vulnerability

2021-10-2700:00:00
ubuntu.com
97

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

51.0%

Releases

  • Ubuntu 21.10
  • Ubuntu 21.04
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • php5 - HTML-embedded scripting language interpreter
  • php7.0 - HTML-embedded scripting language interpreter
  • php7.2 - HTML-embedded scripting language interpreter
  • php7.4 - HTML-embedded scripting language interpreter
  • php8.0 - HTML-embedded scripting language interpreter

Details

It was discovered that PHP-FPM in PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

51.0%