Description
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Remediation
References
Related Vulnerabilities
Moodle CVE-2020-25698 Vulnerability (CVE-2020-25698)
WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)
WordPress Plugin moreAds SE Open Redirect (1.4.8)
WordPress Plugin Downloads Manager 'upload.php' Arbitrary File Upload (0.2)
WordPress 2.8.2 Multiple Security Bypass Vulnerabilities (2.0 - 2.8.2)