VulnerableCode Package Details - pkg:alpm/archlinux/php@8.0.7-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-25qc-gvuw-aaah Aliases: CVE-2021-21704	In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.	8.0.8-1 Affected by 0 other vulnerabilities.
VCID-6g8w-n721-aaak Aliases: CVE-2021-21705	In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.	8.0.8-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-25qc-gvuw-aaah
Aliases:
CVE-2021-21704

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.

8.0.8-1
Affected by 0 other vulnerabilities.

VCID-6g8w-n721-aaak
Aliases:
CVE-2021-21705

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.

8.0.8-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:32.593730+00:00	Arch Linux Importer	Affected by	VCID-25qc-gvuw-aaah	https://security.archlinux.org/AVG-2132	36.0.0
2025-03-28T07:46:32.572948+00:00	Arch Linux Importer	Affected by	VCID-6g8w-n721-aaak	https://security.archlinux.org/AVG-2132	36.0.0
2025-01-16T14:51:08.520406+00:00	Arch Linux Importer	Affected by	VCID-25qc-gvuw-aaah	https://security.archlinux.org/AVG-2132	35.1.0
2025-01-16T14:51:08.496874+00:00	Arch Linux Importer	Affected by	VCID-6g8w-n721-aaak	https://security.archlinux.org/AVG-2132	35.1.0
2024-09-18T02:01:50.653532+00:00	Arch Linux Importer	Affected by	VCID-25qc-gvuw-aaah	https://security.archlinux.org/AVG-2132	34.0.1
2024-09-18T02:01:50.631202+00:00	Arch Linux Importer	Affected by	VCID-6g8w-n721-aaak	https://security.archlinux.org/AVG-2132	34.0.1
2024-01-12T23:41:41.620469+00:00	Arch Linux Importer	Affected by	VCID-25qc-gvuw-aaah	https://security.archlinux.org/AVG-2132	34.0.0rc2
2024-01-12T23:41:41.600842+00:00	Arch Linux Importer	Affected by	VCID-6g8w-n721-aaak	https://security.archlinux.org/AVG-2132	34.0.0rc2
2024-01-03T22:27:55.525467+00:00	Arch Linux Importer	Affected by	VCID-25qc-gvuw-aaah	https://security.archlinux.org/AVG-2132	34.0.0rc1
2024-01-03T22:27:55.499030+00:00	Arch Linux Importer	Affected by	VCID-6g8w-n721-aaak	https://security.archlinux.org/AVG-2132	34.0.0rc1