PT-2014-1413 · Php+4 · Php+4

Remicollet

Publicado

2014-08-22

Atualizado

2024-06-15

CVE-2014-3597

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.32 PHP versions 5.5.x prior to 5.5.16

Description The issue is related to multiple buffer overflows in the php parserr function, which can be exploited by remote DNS servers using crafted DNS records. This can lead to a denial of service (application crash) or possibly the execution of arbitrary code. The dns get record and dn expand functions are involved in this issue.

Recommendations For PHP versions prior to 5.4.32, update to version 5.4.32 or later. For PHP versions 5.5.x prior to 5.5.16, update to version 5.5.16 or later. As a temporary workaround, consider restricting access to the dns get record and dn expand functions until a patch is available.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2015-00368

CESA-2014_1326

CESA-2014_1327

CVE-2014-3597

DLA-67-1

DSA-3008-1

MGASA-2014-0367

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

RHSA-2014:1326

RHSA-2014:1327

RHSA-2014:1765

RHSA-2014:1766

RHSA-2014_1326

RHSA-2014_1327

SUSE-SU-2016:1638-1

USN-2344-1

Produtos afetados

Centos

Php

Red Hat

Suse

Ubuntu

PT-2014-1413 · Php+4 · Php+4

CVE-2014-3597

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 298