PublicDateAtUSN: 2021-02-15 04:15:00 UTC
Candidate: CVE-2021-21702
PublicDate: 2021-02-15 04:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21702
 https://ubuntu.com/security/notices/USN-5006-1
 https://ubuntu.com/security/notices/USN-5006-2
Description:
 In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below
 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious
 SOAP server could return malformed XML data as a response that would cause
 PHP to access a null pointer and thus cause a crash.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.php.net/80672
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_php5:
upstream_php5: needs-triage
precise/esm_php5: ignored (end of ESM support, was needs-triage)
trusty_php5: ignored (out of standard support)
trusty/esm_php5: released (5.5.9+dfsg-1ubuntu4.29+esm14)
xenial_php5: DNE
bionic_php5: DNE
focal_php5: DNE
groovy_php5: DNE
hirsute_php5: DNE
impish_php5: DNE
jammy_php5: DNE
devel_php5: DNE

Patches_php7.0:
upstream_php7.0: needs-triage
precise/esm_php7.0: DNE
trusty_php7.0: DNE
trusty/esm_php7.0: DNE
xenial_php7.0: ignored (end of standard support, was needs-triage)
esm-infra/xenial_php7.0: released (7.0.33-0ubuntu0.16.04.16+esm1)
bionic_php7.0: DNE
focal_php7.0: DNE
groovy_php7.0: DNE
hirsute_php7.0: DNE
impish_php7.0: DNE
jammy_php7.0: DNE
devel_php7.0: DNE

Patches_php7.2:
upstream_php7.2: needs-triage
precise/esm_php7.2: DNE
trusty_php7.2: DNE
trusty/esm_php7.2: DNE
xenial_php7.2: DNE
bionic_php7.2: released (7.2.24-0ubuntu0.18.04.8)
focal_php7.2: DNE
groovy_php7.2: DNE
hirsute_php7.2: DNE
impish_php7.2: DNE
jammy_php7.2: DNE
devel_php7.2: DNE

Patches_php7.4:
 upstream: http://git.php.net/?p=php-src.git;a=commit;h=3c939e3f69955d087e0bb671868f7267dfb2a502
 upstream: http://git.php.net/?p=php-src.git;a=commit;h=06c9633b43a032236b449739a72f4d55cd648fb4
upstream_php7.4: released (7.4.15)
precise/esm_php7.4: DNE
trusty_php7.4: DNE
trusty/esm_php7.4: DNE
xenial_php7.4: DNE
bionic_php7.4: DNE
focal_php7.4: released (7.4.3-4ubuntu2.5)
groovy_php7.4: released (7.4.9-1ubuntu1.2)
hirsute_php7.4: not-affected (7.4.16-1ubuntu2)
impish_php7.4: DNE
jammy_php7.4: DNE
devel_php7.4: DNE

Patches_php8.0:
upstream_php8.0: released (8.0.2)
precise/esm_php8.0: DNE
trusty_php8.0: DNE
trusty/esm_php8.0: DNE
xenial_php8.0: DNE
bionic_php8.0: DNE
focal_php8.0: DNE
groovy_php8.0: DNE
hirsute_php8.0: DNE
impish_php8.0: not-affected (8.0.5-1ubuntu1)
jammy_php8.0: DNE
devel_php8.0: DNE

Patches_php8.1:
upstream_php8.1: needs-triage
precise/esm_php8.1: DNE
trusty_php8.1: DNE
trusty/esm_php8.1: DNE
xenial_php8.1: DNE
bionic_php8.1: DNE
focal_php8.1: DNE
groovy_php8.1: DNE
hirsute_php8.1: DNE
impish_php8.1: DNE
jammy_php8.1: not-affected (8.1.0-1)
devel_php8.1: not-affected (8.1.0-1)