Security Update — PHP Race Condition Vulnerability

A security update has been released for a PHP denial-of-service vulnerability.

CVE-2021-21702 — Denial Of Service

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when the SOAP extension is used to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus crash.

Successful exploitation can enable an attacker to cause PHP to crash, resulting in a denial-of-service condition.

The vulnerability is rated HIGH severity with a score of 7.8, and it affects Windows and Linux platforms.

Vulnerability Rating: CVSS v3.0
Base Score: 7.5
Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Rating: CVSS v2.0
Base Score: 7.8
Base Metrics: CVSS:2.0/AV:N/AC:L/AU:N/C:N/I:N/A:C

Vulnerable Products

PHP versions prior to 7.4.15 are vulnerable; PHP version 7.4.15 is not vulnerable to this issue.

It is recommended to upgrade the PHP version 7.3 packages.
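
As an added example (not part of the original advisory), this POSIX shell check compares a PHP version string with the fixed releases listed above (7.3.27, 7.4.15, 8.0.2) and reports whether the SOAP extension is loaded. The function names and status words are constructed for illustration.

```shell
#!/bin/sh
# Added example. Fixed releases per the advisory: 7.3.27, 7.4.15, 8.0.2.
# Caveat: distribution packages can carry a backported fix under an older
# upstream version number, so confirm hits against the vendor's advisory.

# is_affected VERSION: exit 0 = in an affected range, 1 = not in a listed
# range, 2 = version string could not be parsed.
is_affected() {
    v=${1%%[-+~]*}                 # drop packaging suffix, e.g. "-4ubuntu2.18"
    case $v in
        *.*.*) ;;
        *) return 2 ;;
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    for part in "$major" "$minor" "$patch"; do
        case $part in ''|*[!0-9]*) return 2 ;; esac
    done
    case "$major.$minor" in
        7.3) fixed=27 ;;
        7.4) fixed=15 ;;
        8.0) fixed=2 ;;
        *) return 1 ;;             # branch not listed in the advisory
    esac
    [ "$patch" -lt "$fixed" ]
}

# soap_loaded: reads `php -m` output on stdin; exit 0 if "soap" is listed.
soap_loaded() { grep -qix 'soap'; }

# verdict VERSION: reads the module list on stdin and prints one status word.
verdict() {
    mods=$(cat)
    rc=0; is_affected "$1" || rc=$?
    case $rc in
        0) if printf '%s\n' "$mods" | soap_loaded; then
               echo "affected-soap-loaded"
           else
               echo "affected-soap-not-loaded"
           fi ;;
        1) echo "not-in-listed-ranges" ;;
        *) echo "unparseable" ;;
    esac
}

# Live check when php is on PATH; otherwise feed the functions inventory data.
if command -v php >/dev/null 2>&1; then
    php -m | verdict "$(php -r 'echo PHP_VERSION;')"
fi
```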

Separately, multiple security issues were found in PHP, a widely used open-source general-purpose scripting language, which could also result in information disclosure, cookie forgery or incorrect encryption.

2021-02-23T21:54:28+05:30 | February 23rd, 2021 | Software Issues

About the Author:

FirstHackersNews- Identifies Security
