CVE-2014-4049
9.7 High
AI Score
Confidence
High
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.948 High
EPSS
Percentile
99.2%
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
References
lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
lists.opensuse.org/opensuse-updates/2014-06/msg00051.html
lists.opensuse.org/opensuse-updates/2014-07/msg00032.html
marc.info/?l=bugtraq&m=141017844705317&w=2
rhn.redhat.com/errata/RHSA-2014-1765.html
rhn.redhat.com/errata/RHSA-2014-1766.html
secunia.com/advisories/59270
secunia.com/advisories/59329
secunia.com/advisories/59418
secunia.com/advisories/59496
secunia.com/advisories/59513
secunia.com/advisories/59652
secunia.com/advisories/60998
support.apple.com/kb/HT6443
www-01.ibm.com/support/docview.wss?uid=swg21683486
www.debian.org/security/2014/dsa-2961
www.openwall.com/lists/oss-security/2014/06/13/4
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
www.securityfocus.com/bid/68007
www.securitytracker.com/id/1030435
bugzilla.redhat.com/show_bug.cgi?id=1108447
github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
support.apple.com/HT204659
Social References
More
Related
9.7 High
AI Score
Confidence
High
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.948 High
EPSS
Percentile
99.2%