Alpine: php8: security update to 8.0.15-r3 (deprecated)

critical Tenable Cloud Security Plugin ID 407735

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions
with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to
trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of
other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
(CVE-2021-21708)

See Also

https://git.alpinelinux.org/aports/commit/?id=d0998f4e7b9b935fa3328277843be3de4ced1eb4

https://git.alpinelinux.org/aports/commit/?id=f798efdfaddfdc4e36332dbd439e45d72497cfa4

Plugin Details

Severity: Critical

ID: 407735

Version: Revision 1.26

Type: Local

Published: 2/18/2022

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 97.07

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-21708

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/18/2022

Vulnerability Publication Date: 2/27/2022

Reference Information

CVE: CVE-2021-21708