CVE-2021-21706 - OpenCVE

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Php	Php

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php::::::::

No data.

References

Link	Providers
https://bugs.php.net/bug.php?id=81420
https://security.netapp.com/advisory/ntap-20211029-0007/

History

No history.

MITRE

Status: PUBLISHED

Assigner: php

Published: 2021-10-04T04:00:17.182563Z

Updated: 2024-09-16T23:06:09.569Z

Reserved: 2021-01-04T00:00:00

Link: CVE-2021-21706

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-04T04:15:08.350

Modified: 2021-11-03T20:24:36.337

Link: CVE-2021-21706

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["Windows"], "product": "PHP", "vendor": "PHP Group", "versions": [{"lessThan": "7.3.31", "status": "affected", "version": "7.3.x", "versionType": "custom"}, {"lessThan": "7.4.24", "status": "affected", "version": "7.4.x", "versionType": "custom"}, {"lessThan": "8.0.11", "status": "affected", "version": "8.0.X", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "reported by vi at hackberry dot xyz"}], "datePublic": "2021-09-21T00:00:00", "descriptions": [{"lang": "en", "value": "In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-24", "description": "CWE-24 Path Traversal: '../filedir'", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-29T12:06:47", "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.php.net/bug.php?id=81420"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20211029-0007/"}], "source": {"defect": ["https://bugs.php.net/bug.php?id=81420"], "discovery": "EXTERNAL"}, "title": "ZipArchive::extractTo may extract outside of destination dir", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@php.net", "DATE_PUBLIC": "2021-09-21T11:32:00.000Z", "ID": "CVE-2021-21706", "STATE": "PUBLIC", "TITLE": "ZipArchive::extractTo may extract outside of destination dir"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PHP", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_name": "7.3.x", "version_value": "7.3.31"}, {"platform": "Windows", "version_affected": "<", "version_name": "7.4.x", "version_value": "7.4.24"}, {"platform": "Windows", "version_affected": "<", "version_name": "8.0.X", "version_value": "8.0.11"}]}}]}, "vendor_name": "PHP Group"}]}}, "credit": [{"lang": "eng", "value": "reported by vi at hackberry dot xyz"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-24 Path Traversal: '../filedir'"}]}]}, "references": {"reference_data": [{"name": "https://bugs.php.net/bug.php?id=81420", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=81420"}, {"name": "https://security.netapp.com/advisory/ntap-20211029-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211029-0007/"}]}, "source": {"defect": ["https://bugs.php.net/bug.php?id=81420"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:23:28.483Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=81420"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20211029-0007/"}]}]}, "cveMetadata": {"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "cveId": "CVE-2021-21706", "datePublished": "2021-10-04T04:00:17.182563Z", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-09-16T23:06:09.569Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB0C3B54-5557-4013-9453-CCAB94BF6A34", "versionEndExcluding": "7.3.31", "versionStartIncluding": "7.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "C714AE0D-1990-455D-BEA7-B3FF454DFEBF", "versionEndExcluding": "7.4.24", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "35A8B10D-C9FF-474F-BEC1-196F6DDC4948", "versionEndExcluding": "8.0.11", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions."}, {"lang": "es", "value": "En PHP versiones de 7.3.x por debajo de 7.3.31, versiones 7.4.x por debajo de 7.4.24 y 8.0.x por debajo de 8.0.11, en el entorno de Microsoft Windows, la funci\u00f3n ZipArchive::extractTo puede ser enga\u00f1ada para escribir un archivo fuera del directorio de destino cuando es extra\u00eddo un archivo ZIP, causando as\u00ed potencialmente una creaci\u00f3n o sobreescritura de archivos, sujeto a los permisos del Sistema Operativo"}], "id": "CVE-2021-21706", "lastModified": "2021-11-03T20:24:36.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "security@php.net", "type": "Secondary"}]}, "published": "2021-10-04T04:15:08.350", "references": [{"source": "security@php.net", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=81420"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211029-0007/"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-24"}], "source": "security@php.net", "type": "Secondary"}]}