PHP developers have released new versions of the interpreter that close at least one security hole. If the filter function FILTER_VALIDATE_FLOAT is used with min and max limits and the filter fails (for example for integer values, as the PHP maintainers' changelog indicates), this can open a use-after-free hole. This can result in a crash or potentially be misused to overwrite memory regions and subsequently execute injected malicious code (CVE-2021-21708, CVSS 8.2, risk High).
The vulnerability concerns PHP versions 7.4.x before 7.4.28, 8.0.x before 8.0.16 and 8.1.x before 8.1.3. PHP 7.4.28 only fixes the security hole. Versions 8.0.16 (changelog) and 8.1.3 (changelog), on the other hand, also fix other non-security bugs, including memory leaks.
Updated Windows binaries and new source code packages are available for download on the PHP website. Linux distributions should also distribute the updated packages soon. Administrators using PHP should schedule and implement updates as quickly as possible.
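As an added example (not from the article or the PHP project), the following Python code triages `php -v` banners against the fixed versions listed above and flags PHP statements that pass a range option to FILTER_VALIDATE_FLOAT. The function names, banners and PHP sample are constructed for illustration; `min_range` and `max_range` are PHP's option keys for what the article calls the min and max limits.

```python
import re

# First fixed release per affected branch, as listed in the article.
FIXED = {(7, 4): (7, 4, 28), (8, 0): (8, 0, 16), (8, 1): (8, 1, 3)}
VERSION_RE = re.compile(r"\bPHP (\d+)\.(\d+)\.(\d+)")
FLOAT_RE = re.compile(r"\bFILTER_VALIDATE_FLOAT\b")
RANGE_RE = re.compile(r"['\"](?:min|max)_range['\"]")  # PHP's range option keys


def classify(banner):
    """Classify a `php -v` banner: affected, fixed, not-listed or unparsed."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unparsed"
    version = tuple(int(part) for part in m.groups())  # numeric, so 8.1.13 > 8.1.3
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"  # branch not named in the article
    return "affected" if version < fixed else "fixed"


def find_ranged_float_filters(source):
    """Return line numbers of statements that pass a range option to
    FILTER_VALIDATE_FLOAT. Heuristic: options built in another statement
    are not seen."""
    hits, offset = [], 0
    for stmt in source.split(";"):
        m = FLOAT_RE.search(stmt)
        if m and RANGE_RE.search(stmt):
            hits.append(source.count("\n", 0, offset + m.start()) + 1)
        offset += len(stmt) + 1  # +1 for the ';' consumed by split
    return hits


# Constructed sample input, not taken from any real system.
SAMPLE_BANNERS = ["PHP 7.4.27 (cli)", "PHP 8.0.16 (cli)", "PHP 8.1.2 (cli)"]
SAMPLE_PHP = '''<?php
$price = filter_var($_GET["price"], FILTER_VALIDATE_FLOAT, [
    "options" => ["min_range" => 0, "max_range" => 1000],
]);
$ratio = filter_var($_GET["ratio"], FILTER_VALIDATE_FLOAT);
'''

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner}: {classify(banner)}")
    print("ranged float filters on lines:", find_ranged_float_filters(SAMPLE_PHP))
```

Distribution packages that backport the fix can keep an older upstream version number, so an "affected" result on a distribution build is a prompt to check the package changelog rather than a final verdict.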
(DMK)