FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-4049

This CVE name corresponds to:

Entered Topic
2014-08-18 PHP multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-4049 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-4049
Phase Assigned(20140612)

Description

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.

References

Source Reference
MLIST [oss-security] 20140613 Re: CVE request: PHP heap-based buffer overflow in DNS TXT record parsing
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1108447
CONFIRM https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
CONFIRM http://support.apple.com/kb/HT6443
CONFIRM https://support.apple.com/HT204659
APPLE APPLE-SA-2015-04-08-2
DEBIAN DSA-2961
REDHAT RHSA-2014:1765
REDHAT RHSA-2014:1766
SUSE SUSE-SU-2014:0868
SUSE SUSE-SU-2014:0869
SUSE openSUSE-SU-2014:0942
SECTRACK 1030435
SECUNIA 59270
SECUNIA 59652

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.