SSRF and buffer overflow vulnerabilities in PHP can allow taking control of the server. Update now

Cybersecurity specialists reported the finding of two critical vulnerabilities in PHP, a general-purpose programming language specially adapted for web development. According to the report, successful exploitation of these flaws would allow for the deployment of server-side request forgery (SSRF) attacks and buffer overflows.

Below are brief descriptions of the reported flaws, in addition to their respective identification keys and scores assigned according to the Common Vulnerability Scoring System (CVSS).

CVE-2021-21705: Improper validation of user inputs allow remote threat actors to send specially crafted HTTP requests, evade the FILTER_VALIDATE_URL mechanism, and trick the application into initiating requests to arbitrary systems.

The flaw received a CVSS score of 6.3/10 and its successful exploitation would allow remote attackers to gain access to sensitive data.

CVE-2021-21704: On the other hand, the presence of some boundary errors in the firebird_info_cb(), firebird_handle_doer(), firebird_stmt_execute(), and firebird_fetch_blob() functions allows remote threat actors to pass a specially crafted input to the application, trigger a stack-based buffer overflow, and execute arbitrary code on the target system.

The vulnerability received a CVSS score of 7.1/10 and its successful exploitation could lead to the total compromise of the affected system. 

These flaws reside in the following versions of PHP: 7.3, 7.3.0, 7.3.0alpha1, 7.3.0alpha4, 7.3.0beta1, 7.3.0beta3, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 7.3.10, 7.3.11, 7.3.12, 7.3.13, 7.3.14, 7.3.15, 7.3.16, 7.3.17, 7.3.18, 7.3.19, 7.3.20, 7.3.21, 7.3.22, 7.3.23, 7.3.24, 7.3.25, 7.3.26, 7.3.27, 7.3.28, 7.4, 7.4.0, 7.4.1, 7.4.2, 7.4.3, 7.4.4, 7.4.5, 7.4.6, 7.4.7, 7.4.8, 7.4.9, 7.4.10, 7.4.11, 7.4.12, 7.4.13, 7.4.14, 7.4.15, 7.4.16, 7.4.18, 7.4.19, 7.4.20, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.5, 8.0.6 & 8.0.7.

While flaws can be exploited remotely by unauthenticated threat actors, researchers have not detected active exploitation attempts so far. However, those responsible for the PHP project recommend installing the corresponding updates as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.