CVE-2014-4049
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.3067 (30.7%)
Percentile: 96.7%
EPSS: 2026-05-06
Affects
opensuse:opensusephp:phpdebian:debian_linuxTechnical description
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
Published: 6/18/2014, 7:55:05 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html
- http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html
- http://marc.info/?l=bugtraq&m=141017844705317&w=2
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
- http://rhn.redhat.com/errata/RHSA-2014-1766.html