PT-2014-1414 · Php+5

Sgolemon · Published 2014-06-18 · Updated 2024-06-15 · CVE-2014-4049

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 5.6.0beta4

Description

The issue is a heap-based buffer overflow in the php_parserr function, which can be exploited by remote servers using crafted DNS TXT records. This could lead to a denial of service (crash) and possibly allow the execution of arbitrary code. The dns_get_record function is also related to this issue.

Recommendations

For PHP versions prior to 5.6.0beta4, consider updating to a version that is not affected by this issue to prevent potential exploitation. As a temporary workaround, consider restricting the use of the dns_get_record function until a patch is available.

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related identifiers

BDU:2015-00369
CESA-2014_1012
CESA-2014_1013
CVE-2014-4049
DLA-0010-1
DSA-2961-1
HPSBUX03102
MGASA-2014-0283
MGASA-2014-0284
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
OPENSUSE-SU-2024:11169-1
RHSA-2014:1012
RHSA-2014:1013
RHSA-2014:1765
RHSA-2014:1766
RHSA-2014_1012
RHSA-2014_1013
SUSE-SU-2014_1141-1
SUSE-SU-2016:1638-1
USN-2254-1
USN-2254-2

Affected products

Centos
Hp-Ux
Php
Red Hat
Suse
Ubuntu