CVE-2014-4049
Published: 18 June 2014
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
Priority
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
upstream |
Released
(5.6.0~beta4+dfsg-3)
|
lucid |
Released
(5.3.2-1ubuntu4.25)
|
|
precise |
Released
(5.3.10-1ubuntu3.12)
|
|
saucy |
Released
(5.5.3+dfsg-1ubuntu2.4)
|
|
trusty |
Released
(5.5.9+dfsg-1ubuntu4.1)
|
|
Patches: upstream: https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468 |