CVE-2014-4049

 

Published at: - 18-06-2014 09:55

Last modified: - 29-08-2022 10:05

Total changes: - 2

Description

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:H/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• DSA-2961-Third Party Advisory
• https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
• [oss-security] 20140613 Re: CVE request: PHP heap-based buffer overflow in DNS TXT record parsing-Mailing List, Third Party Advisory
• https://bugzilla.redhat.com/show_bug.cgi?id=1108447
• 59270-Third Party Advisory
• SUSE-SU-2014:0868-Mailing List, Third Party Advisory
• 59652-Third Party Advisory
• SUSE-SU-2014:0869-Mailing List, Third Party Advisory
• http://support.apple.com/kb/HT6443
• openSUSE-SU-2014:0942-Mailing List, Third Party Advisory
• RHSA-2014:1766-Third Party Advisory
• RHSA-2014:1765-Third Party Advisory
• APPLE-SA-2015-04-08-2-Mailing List, Third Party Advisory
• https://support.apple.com/HT204659
• 1030435-Third Party Advisory, VDB Entry
• SSRT101681-Mailing List, Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
• 68007-Third Party Advisory, VDB Entry
• http://www-01.ibm.com/support/docview.wss?uid=swg21683486
• 60998-Third Party Advisory
• 59513-Third Party Advisory
• 59496-Third Party Advisory
• 59418-Third Party Advisory
• 59329-Third Party Advisory
• openSUSE-SU-2014:0841-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2014-4049

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures