CVE-2014-3597

2014-08-2200:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.6%

JSON

Multiple buffer overflows in the php_parserr function in ext/standard/dns.c
in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to
cause a denial of service (application crash) or possibly execute arbitrary
code via a crafted DNS record, related to the dns_get_record function and
the dn_expand function. NOTE: this issue exists because of an incomplete
fix for CVE-2014-4049.

Notes

Author	Note
jdstrand	incomplete fix for CVE-2014-4049

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchphp5< 5.3.2-1ubuntu4.27UNKNOWN
ubuntu12.04noarchphp5< 5.3.10-1ubuntu3.14UNKNOWN
ubuntu14.04noarchphp5< 5.5.9+dfsg-1ubuntu4.4UNKNOWN