ALAS-2021-1532 --- php73ID: oval:org.secpod.oval:def:1601467 | Date: (C)2021-09-13 (M)2024-04-17 |
Class: PATCH | Family: unix |
Several flaws has been found in php. The pdo_firebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the response before calculation of the exec procedure leading to a crash. The highest threat from this vulnerability is to system availability. A security issue was found in PHP in the way it allows to bypass the FILTER_VALIDATE_URL check via a crafted URL which may lead to SSRF
Platform: |
Amazon Linux AMI |