This bug was fixed in the package php7.4 - 7.4.3-4ubuntu2.9

---------------
php7.4 (7.4.3-4ubuntu2.9) focal-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2021-21708.patch: change the call to
      zval_ptr_dtor in ext/filter/logical_filters.c to be done
      after a validation is succeeded, and add a test for this
      case in ext/filter/tests/bug81708.phpt
    - CVE-2021-21708

 -- Rodrigo Figueiredo Zaiden <[email protected]>  Thu, 24 Feb 2022 11:55:48 -0300

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21708

** Changed in: php7.4 (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1961820

Title:
  CVE-2021-21708: potential RCE with filter_var(...,
  FILTER_VALIDATE_FLOAT)
