CVE-2021-21702

Null Dereference in SoapClient

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.

We have discovered 830,634 live websites that are affected by CVE-2021-21702.

Affected Software


Product	PHP
Category	Programming Languages
Vulnerable Versions	from 7.3 before 7.3.27 from 7.4 before 7.4.15 from 8 before 8.0.2
Total Vulnerable Versions	507
Vulnerable Domains	830,634 live websites (6.87% of PHP install base)

Common Weakness Enumeration

CWE-476 NULL Pointer Dereference

Available Reports

Website List

Details

Published - Feb 1, 2021
Updated - Oct 20, 2021

Credits

Reported by jgalindo at datto dot com

CWE

CWE-476

CVE References

CWE References

cwe.mitre.org

Countries

United States	318,595 websites

France	245,470 websites
Germany	19,868 websites
Canada	19,136 websites
GB	18,692 websites
Russia	18,623 websites
Poland	16,405 websites
Spain	14,311 websites
Italy	14,285 websites
China	13,428 websites

TLDs

.com	428,585 websites
.fr	109,155 websites
.org	50,026 websites
.net	26,427 websites
.ru	15,624 websites
.be	13,085 websites
.pl	12,745 websites
.de	11,669 websites
.co.uk	11,601 websites
.ca	11,188 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

References

Websites affected by CVE-2021-21702

Top websites that are affected by CVE-2021-21702. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
*.***.pl	Poland	,**
*******.com	Germany	,**
***************.org	United States	,**
*..gov	United States	,**
******.com	France	,**
**********.com	France	,**
********.org	United States	,**
*.*******.com	United States	,**
**.******.*.uk	GB	,**
**.****.jp	Japan	,**

See full domain list