PT-2014-1414 · Php+5 · Php+5

Sgolemon · Published 2014-06-18 · Updated 2024-06-15 · CVE-2014-4049

CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

PHP versions prior to 5.6.0beta4

Description

The issue is a heap-based buffer overflow in the php_parserr function, which can be exploited by remote servers using crafted DNS TXT records. This could lead to a denial of service (crash) and possibly allow the execution of arbitrary code. The dns_get_record function is also related to this issue.

Recommendations

For PHP versions prior to 5.6.0beta4, consider updating to a version that is not affected by this issue to prevent potential exploitation. As a temporary workaround, consider restricting the use of the dns_get_record function until a patch is available.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-00369
CESA-2014_1012
CESA-2014_1013
CVE-2014-4049
DLA-0010-1
DSA-2961-1
HPSBUX03102
MGASA-2014-0283
MGASA-2014-0284
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
OPENSUSE-SU-2024:11169-1
RHSA-2014:1012
RHSA-2014:1013
RHSA-2014:1765
RHSA-2014:1766
RHSA-2014_1012
RHSA-2014_1013
SUSE-SU-2014_1141-1
SUSE-SU-2016:1638-1
USN-2254-1
USN-2254-2

Affected Products

CentOS
HP-UX
PHP
Red Hat
SUSE
Ubuntu