{"api_version":"1","generated_at":"2026-04-22T19:27:16+00:00","cve":"CVE-2021-21703","urls":{"html":"https://cve.report/CVE-2021-21703","api":"https://cve.report/api/cve/CVE-2021-21703.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-21703","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-21703"},"summary":{"title":"CVE-2021-21703","description":"In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.","state":"PUBLIC","assigner":"security@php.net","published_at":"2021-10-25 06:15:00","updated_at":"2023-11-07 03:30:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/","name":"FEDORA-2021-4140b54de2","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: php-7.4.25-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202209-20","name":"GLSA-202209-20","refsource":"GENTOO","tags":[],"title":"PHP: Multiple Vulnerabilities (GLSA 202209-20) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/","name":"FEDORA-2021-9f68f5f752","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: php-7.4.25-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2021/dsa-4993","name":"DSA-4993","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4993-1 php7.3","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/","name":"FEDORA-2021-9f68f5f752","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: php-7.4.25-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html","name":"[debian-lts-announce] 20211027 [SECURITY] [DLA 2794-1] php7.0 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2794-1] php7.0 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/","name":"FEDORA-2021-02d218c3be","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: php-8.0.12-2.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - January 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/","name":"FEDORA-2021-4140b54de2","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: php-7.4.25-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/","name":"FEDORA-2021-02d218c3be","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: php-8.0.12-2.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2021/dsa-4992","name":"DSA-4992","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4992-1 php7.4","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugs.php.net/bug.php?id=81026","name":"https://bugs.php.net/bug.php?id=81026","refsource":"MISC","tags":[],"title":"PHP :: Sec Bug #81026 :: PHP-FPM oob R/W in root process leading to privilege escalation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20211118-0003/","name":"https://security.netapp.com/advisory/ntap-20211118-0003/","refsource":"CONFIRM","tags":[],"title":"CVE-2021-21703 PHP Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2021/10/26/7","name":"[oss-security] 20211026 CVE-2021-21703: PHP-FPM 5.3.7 <= 8.0.12 Local Root","refsource":"MLIST","tags":[],"title":"oss-security - CVE-2021-21703: PHP-FPM 5.3.7 <= 8.0.12 Local Root","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-21703","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21703","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Reported by Charles Fol","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"21703","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21703","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21703","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21703","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21703","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21703","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21703","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"clustered_data_ontap","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21703","vulnerable":"1","versionEndIncluding":"8.5.0.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_diameter_signaling_router","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21703","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21703","vulnerable":"1","versionEndIncluding":"7.3.31","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21703","vulnerable":"1","versionEndIncluding":"7.4.25","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21703","vulnerable":"1","versionEndIncluding":"8.0.12","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-21703","qid":"159834","title":"Oracle Enterprise Linux Security Update for php:7.4 (ELSA-2022-1935)"},{"cve":"CVE-2021-21703","qid":"178828","title":"Debian Security Update for php7.3 (DSA 4993-1)"},{"cve":"CVE-2021-21703","qid":"178830","title":"Debian Security Update for php7.4 (DSA 4992-1)"},{"cve":"CVE-2021-21703","qid":"178872","title":"Debian Security Update for php7.0 (DLA 2794-1)"},{"cve":"CVE-2021-21703","qid":"198553","title":"Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerability (USN-5125-1)"},{"cve":"CVE-2021-21703","qid":"240318","title":"Red Hat Update for php:7.4 (RHSA-2022:1935)"},{"cve":"CVE-2021-21703","qid":"240535","title":"Red Hat Update for rh-php73-php (RHSA-2022:5491)"},{"cve":"CVE-2021-21703","qid":"282020","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2021-9f68f5f752)"},{"cve":"CVE-2021-21703","qid":"282021","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2021-4140b54de2)"},{"cve":"CVE-2021-21703","qid":"296066","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 40.107.3 Missing (CPUOCT2021)"},{"cve":"CVE-2021-21703","qid":"376959","title":"NetApp Clustered Data Open Network Technology for Appliance Products (ONTAP) Disclosure of Sensitive Information Vulnerability (NTAP-20211118-0003)"},{"cve":"CVE-2021-21703","qid":"38870","title":"Hypertext Preprocessor (PHP) Privilege Escalation Vulnerability"},{"cve":"CVE-2021-21703","qid":"501145","title":"Alpine Linux Security Update for php7"},{"cve":"CVE-2021-21703","qid":"501664","title":"Alpine Linux Security Update for php7"},{"cve":"CVE-2021-21703","qid":"501667","title":"Alpine Linux Security Update for php8"},{"cve":"CVE-2021-21703","qid":"502332","title":"Alpine Linux Security Update for php81"},{"cve":"CVE-2021-21703","qid":"671152","title":"EulerOS Security Update for Hypertext Preprocessor (PHP) (EulerOS-SA-2021-2810)"},{"cve":"CVE-2021-21703","qid":"710633","title":"Gentoo Linux Hypertext Preprocessor (PHP) Multiple Vulnerabilities (GLSA 202209-20)"},{"cve":"CVE-2021-21703","qid":"751383","title":"SUSE Enterprise Linux Security Update for php72 (SUSE-SU-2021:3727-1)"},{"cve":"CVE-2021-21703","qid":"751385","title":"SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2021:3726-1)"},{"cve":"CVE-2021-21703","qid":"751467","title":"OpenSUSE Security Update for php7 (openSUSE-SU-2021:3943-1)"},{"cve":"CVE-2021-21703","qid":"751513","title":"OpenSUSE Security Update for php7 (openSUSE-SU-2021:1570-1)"},{"cve":"CVE-2021-21703","qid":"751772","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:0679-1)"},{"cve":"CVE-2021-21703","qid":"751779","title":"OpenSUSE Security Update for php7 (openSUSE-SU-2022:0679-1)"},{"cve":"CVE-2021-21703","qid":"752878","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4067-1)"},{"cve":"CVE-2021-21703","qid":"752898","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4069-1)"},{"cve":"CVE-2021-21703","qid":"752901","title":"SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2022:4068-1)"},{"cve":"CVE-2021-21703","qid":"753325","title":"SUSE Enterprise Linux Security Update for php8 (SUSE-SU-2022:3661-1)"},{"cve":"CVE-2021-21703","qid":"901247","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (7325)"},{"cve":"CVE-2021-21703","qid":"940552","title":"AlmaLinux Security Update for php:7.4 (ALSA-2022:1935)"},{"cve":"CVE-2021-21703","qid":"960280","title":"Rocky Linux Security Update for php:7.4 (RLSA-2022:1935)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@php.net","DATE_PUBLIC":"2021-10-18T22:40:00.000Z","ID":"CVE-2021-21703","STATE":"PUBLIC","TITLE":"PHP-FPM memory access in root process leading to privilege escalation"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"PHP","version":{"version_data":[{"version_affected":"<=","version_name":"7.3.x","version_value":"7.3.31"},{"version_affected":"<","version_name":"7.4.x","version_value":"7.4.25"},{"version_affected":"<","version_name":"8.0.X","version_value":"8.0.12"}]}}]},"vendor_name":"PHP Group"}]}},"configuration":[{"lang":"eng","value":"PHP FPM is being used with the main process having higher privileges than the worker processes. "}],"credit":[{"lang":"eng","value":"Reported by Charles Fol"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-787 Out-of-bounds Write"}]},{"description":[{"lang":"eng","value":"CWE-284 Improper Access Control"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://bugs.php.net/bug.php?id=81026","name":"https://bugs.php.net/bug.php?id=81026"},{"refsource":"DEBIAN","name":"DSA-4992","url":"https://www.debian.org/security/2021/dsa-4992"},{"refsource":"DEBIAN","name":"DSA-4993","url":"https://www.debian.org/security/2021/dsa-4993"},{"refsource":"MLIST","name":"[oss-security] 20211026 CVE-2021-21703: PHP-FPM 5.3.7 <= 8.0.12 Local Root","url":"http://www.openwall.com/lists/oss-security/2021/10/26/7"},{"refsource":"MLIST","name":"[debian-lts-announce] 20211027 [SECURITY] [DLA 2794-1] php7.0 security update","url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"},{"refsource":"FEDORA","name":"FEDORA-2021-9f68f5f752","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/"},{"refsource":"FEDORA","name":"FEDORA-2021-4140b54de2","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/"},{"refsource":"FEDORA","name":"FEDORA-2021-02d218c3be","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20211118-0003/","url":"https://security.netapp.com/advisory/ntap-20211118-0003/"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"refsource":"GENTOO","name":"GLSA-202209-20","url":"https://security.gentoo.org/glsa/202209-20"}]},"source":{"defect":["https://bugs.php.net/bug.php?id=81026"],"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-10-25 06:15:00","lastModifiedDate":"2023-11-07 03:30:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH"},"exploitabilityScore":1,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":6.9},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0","versionEndIncluding":"7.3.31","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.25","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.12","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.5.0.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"21703","Ordinal":"196392","Title":"CVE-2021-21703","CVE":"CVE-2021-21703","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"21703","Ordinal":"1","NoteData":"In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"21703","Ordinal":"2","NoteData":"2021-10-25","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"21703","Ordinal":"3","NoteData":"2022-02-07","Type":"Other","Title":"Modified"}]}}}