Remote Code Execution vuln in Zend Framework 3.0.0

Overview :
Remote Code Execution vuln in Zend Framework 3.0.0
Affected Product(s) :
  • Zend Framework 3.0.0
Vulnerability Details :
CVE ID : CVE-2021-3007
Zend Framework 3.0.0 has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: the code may be related to Laminas Project laminas-http. Zend Framework is no longer supported by the maintainer. However, not all Zend Framework 3.0.0 vulnerabilities exist in a Laminas Project release.

Solution :

Upgrade to latest version.

Common Vulnerabilityies and Exposures

Contact us to get started

TightVNC 1.3.10 vncviewer rfbproto.c InitialiseRFBConnection heap-based overflow

A vulnerability was found in TightVNC 1.3.10. It has been declared as critical. This vulnerability affects the function InitialiseRFBConnection of the file rfbproto.c of the component vncviewer. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

PJSIP up to 2.11.1 RTP/RTCP out-of-bounds read

A vulnerability was found in PJSIP up to 2.11.1. It has been rated as critical. This issue affects an unknown code of the component RTP/RTCP. Applying the patch 22af44e68a0c7d190ac1e25075e1382f77e9397a is able to eliminate this problem. The bugfix is ready for download at github.com.

PJSIP up to 2.11.1 SIP Message out-of-bounds read

A vulnerability classified as critical has been found in PJSIP up to 2.11.1. Affected is an unknown code block of the component SIP Message. Applying the patch 077b465c33f0aec05a49cd2ca456f9a1b112e896 is able to eliminate this problem. The bugfix is ready for download at github.com.