CVE-2014-4049
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.3067 (30.7%)
Percentil: 96.7%
EPSS: 2026-05-06
Afecta
opensuse:opensusephp:phpdebian:debian_linuxDescripción técnica
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
Publicada: 18/6/2014, 19:55:05
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html
- http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html
- http://marc.info/?l=bugtraq&m=141017844705317&w=2
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
- http://rhn.redhat.com/errata/RHSA-2014-1766.html