Описание
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Out of support scope | ||
| Red Hat Enterprise Linux 5 | php53 | Out of support scope | ||
| Red Hat Enterprise Linux 6 | php | Out of support scope | ||
| Red Hat Enterprise Linux 7 | php | Fix deferred | ||
| Red Hat Enterprise Linux 8 | php:7.2/php | Fix deferred | ||
| Red Hat Enterprise Linux 8 | php:7.3/php | Fix deferred | ||
| Red Hat Software Collections | rh-php72-php | Out of support scope | ||
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2021:4213 | 09.11.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-php73-php | Fixed | RHSA-2021:2992 | 03.08.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-php73-php | Fixed | RHSA-2021:2992 | 03.08.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.6 Low
CVSS3
Связанные уязвимости
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below ...
EPSS
3.6 Low
CVSS3