Programming language: Vulnerability allows code smuggling in PHP

Programming language: Vulnerability allows code smuggling in PHP

PHP developers have released new versions of the interpreter that close at least one security hole. unless there is a filter function FILTER_VALIDATE_FLOAT with min– And maxThe limit is used and the filter fails – as indicated in the PHP maintainers changelog, for example for integer values ​​- this can open the use-after-free gap. This can result in a crash or potentially be misused to overwrite memory regions and subsequently execute injected malicious code (CVE-2021-21708, CVSS). 8.2risk High,

vulnerability concerns PHP Version 7.4.x. In 7.4.288.0.x earlier 8.0.16 and 8.1.x earlier 8.13, PHP 7.4.28 only fixes the security leak. the version 8.0.16 (changelog) And 8.1.3 (Change Log) On the other hand, fix other non-security bugs including memory leaks.

Feather PHP website available for download Such as updated Windows binaries and new source code packages. Linux distributions should also distribute the updated packages soon. Administrators using PHP should schedule and implement updates as quickly as possible.


(DMK)

on home page

See also  It's Almost Certainly a Cat: Microsoft Azure API for Image Recognition

LEAVE A REPLY

Please enter your comment!
Please enter your name here