CVE-2014-3597
Published: 22 August 2014
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
Notes
Author | Note |
---|---|
jdstrand | incomplete fix for CVE-2014-4049 |
Priority
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Released
(5.3.2-1ubuntu4.27)
|
|
precise |
Released
(5.3.10-1ubuntu3.14)
|
|
trusty |
Released
(5.5.9+dfsg-1ubuntu4.4)
|
|
Patches: other: https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05#diff-d41d8cd98f00b204e9800998ecf8427e |