A security update has been released for a PHP denial-of-service vulnerability.
CVE-2021-21702 — Denial Of Service
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using the SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus crash.
Successful exploitation enables an attacker to crash PHP, resulting in a denial-of-service condition.
The vulnerability is rated HIGH severity with a score of 7.8 and affects Windows and Linux platforms.
|Vulnerability Rating||CVSS v3.0|
|Vulnerability Rating||CVSS v2.0|
PHP versions prior to 7.4.15 are vulnerable; PHP version 7.4.15 is not vulnerable to this issue.
It is recommended to upgrade the PHP version 7.3 packages.
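An added example, not part of the original advisory: a shell check that classifies a PHP version string against the affected ranges stated above and reports whether the SOAP extension is loaded on the local interpreter. The function name `php_soap_dos_status` and its output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory). Fixed releases per the advisory:
# 7.3.27, 7.4.15 and 8.0.2. Branches the advisory does not list are reported
# as "not-listed" rather than as safe.
# General caveat: distro packages may backport a fix without changing the
# upstream version number, so confirm against the distro's security tracker.

# php_soap_dos_status VERSION -> affected | fixed | not-listed | unparsable
php_soap_dos_status() {
    # Strip distro/build suffixes such as "-4ubuntu2.18" or "+deb11u1".
    v=${1%%[-+~]*}
    case $v in
        *[!0-9.]*|''|.*|*.|*..*) echo unparsable; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $v            # split "7.4.14" into 7 4 14
    IFS=$old_ifs
    [ $# -ge 3 ] || { echo unparsable; return 0; }
    major=$1 minor=$2 patch=$3
    case $major.$minor in
        7.3) fixed=27 ;;
        7.4) fixed=15 ;;
        8.0) fixed=2 ;;
        *)   echo not-listed; return 0 ;;
    esac
    if [ "$patch" -lt "$fixed" ]; then echo affected; else echo fixed; fi
}

# Check the local interpreter, if one is installed. The SOAP extension has to
# be loaded for the crash described above to be reachable.
if command -v php >/dev/null 2>&1; then
    ver=$(php -r 'echo PHP_VERSION;' 2>/dev/null || true)
    if php -m 2>/dev/null | grep -qix soap; then soap=loaded; else soap=absent; fi
    echo "php $ver: $(php_soap_dos_status "$ver") (soap extension $soap)"
fi
```
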
Separately, multiple security issues were found in PHP, a widely used open-source general-purpose scripting language, which could also result in information disclosure, cookie forgery or incorrect encryption.