CVE-2021-21708
UAF due to php_filter_float() failing
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
We have discovered 854,793 live websites that are affected by CVE-2021-21708.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 854,793 live websites (7.07% of PHP install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2021-21708 and the relative popularity of websitesDetails
- Published - Feb 14, 2022
- Updated - Sep 29, 2022
Credits
- dukk at softdev dot online
CWE
CVE References
CWE References
Countries
 United States | 339,644 websites |
 France | 211,132 websites |
 Germany | 23,208 websites |
 GB | 20,183 websites |
 Canada | 20,015 websites |
 Russia | 16,370 websites |
 Argentina | 16,000 websites |
 Poland | 15,709 websites |
 Brazil | 15,441 websites |
 Italy | 14,927 websites |
TLDs
| .com | 436,392 websites |
| .fr | 94,096 websites |
| .org | 52,516 websites |
| .net | 26,068 websites |
| .de | 13,712 websites |
| .ru | 12,989 websites |
| .com.br | 12,470 websites |
| .pl | 12,220 websites |
| .be | 11,856 websites |
| .ca | 11,767 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2021-21708 through included software libraries and plugins.References
- https://bugs.php.net/bug.php?id=81708
- https://security.netapp.com/advisory/ntap-20220325-0004/
- https://security.gentoo.org/glsa/202209-20
Websites affected by CVE-2021-21708
Top websites that are affected by CVE-2021-21708. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.pl | Poland | *,*** | |
| *******.com | Germany | *,*** | |
| ****.org | GB | *,*** | |
| ***************.org | United States | *,*** | |
| **********.org | United States | *,*** | |
| ******.org | United States | *,*** | |
| ***.**********.org | United States | *,*** | |
| ******.com | France | *,*** | |
| **********.com | France | *,*** | |
| ********.org | United States | *,*** |