VulnerableCode Package Details - pkg:alpm/archlinux/php@8.0.8-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-25qc-gvuw-aaah	In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.	CVE-2021-21704
VCID-6g8w-n721-aaak	In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.	CVE-2021-21705

Vulnerability

Summary

Aliases

VCID-25qc-gvuw-aaah

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.

CVE-2021-21704

VCID-6g8w-n721-aaak

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.

CVE-2021-21705

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:32.598694+00:00	Arch Linux Importer	Fixing	VCID-25qc-gvuw-aaah	https://security.archlinux.org/AVG-2132	36.0.0
2025-03-28T07:46:32.577862+00:00	Arch Linux Importer	Fixing	VCID-6g8w-n721-aaak	https://security.archlinux.org/AVG-2132	36.0.0
2025-01-16T14:51:08.525474+00:00	Arch Linux Importer	Fixing	VCID-25qc-gvuw-aaah	https://security.archlinux.org/AVG-2132	35.1.0
2025-01-16T14:51:08.502038+00:00	Arch Linux Importer	Fixing	VCID-6g8w-n721-aaak	https://security.archlinux.org/AVG-2132	35.1.0
2024-09-18T02:01:50.658562+00:00	Arch Linux Importer	Fixing	VCID-25qc-gvuw-aaah	https://security.archlinux.org/AVG-2132	34.0.1
2024-09-18T02:01:50.636237+00:00	Arch Linux Importer	Fixing	VCID-6g8w-n721-aaak	https://security.archlinux.org/AVG-2132	34.0.1
2024-01-12T23:41:41.625102+00:00	Arch Linux Importer	Fixing	VCID-25qc-gvuw-aaah	https://security.archlinux.org/AVG-2132	34.0.0rc2
2024-01-12T23:41:41.605565+00:00	Arch Linux Importer	Fixing	VCID-6g8w-n721-aaak	https://security.archlinux.org/AVG-2132	34.0.0rc2
2024-01-03T22:27:55.530133+00:00	Arch Linux Importer	Fixing	VCID-25qc-gvuw-aaah	https://security.archlinux.org/AVG-2132	34.0.0rc1
2024-01-03T22:27:55.503764+00:00	Arch Linux Importer	Fixing	VCID-6g8w-n721-aaak	https://security.archlinux.org/AVG-2132	34.0.0rc1