PT-2014-1413 · Php+4 · Php+4

Remicollet

Published

2014-08-22

Updated

2024-06-15

CVE-2014-3597

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.32 PHP versions 5.5.x prior to 5.5.16

Description The issue is related to multiple buffer overflows in the php parserr function, which can be exploited by remote DNS servers using crafted DNS records. This can lead to a denial of service (application crash) or possibly the execution of arbitrary code. The dns get record and dn expand functions are involved in this issue.

Recommendations For PHP versions prior to 5.4.32, update to version 5.4.32 or later. For PHP versions 5.5.x prior to 5.5.16, update to version 5.5.16 or later. As a temporary workaround, consider restricting access to the dns get record and dn expand functions until a patch is available.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2015-00368

CESA-2014_1326

CESA-2014_1327

CVE-2014-3597

DLA-67-1

DSA-3008-1

MGASA-2014-0367

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

RHSA-2014:1326

RHSA-2014:1327

RHSA-2014:1765

RHSA-2014:1766

RHSA-2014_1326

RHSA-2014_1327

SUSE-SU-2016:1638-1

USN-2344-1

Affected Products

Centos

Php

Red Hat

Suse

Ubuntu

PT-2014-1413 · Php+4 · Php+4

CVE-2014-3597

Weakness Enumeration

Related Identifiers

Affected Products

References · 298