CVE-2014-4049

php: heap-based buffer overflow in DNS TXT record parsing

Severity Score

5.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.

Desbordamiento de buffer basado en memoria dinámica en la función php_parserr en ext/standard/dns.c en PHP 5.6.0beta4 y anteriores permite a servidores remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un registro DNS TXT manipulado, relacionado con la función dns_get_record.

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query.

*Credits: N/A

CVSS Scores

NISTv2 5.1

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-06-12 CVE Reserved
2014-06-17 CVE Published
2023-12-13 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow

CAPEC

References (26)

URL	Tag	Source
http://secunia.com/advisories/59270	Third Party Advisory
http://secunia.com/advisories/59329	Third Party Advisory
http://secunia.com/advisories/59418	Third Party Advisory
http://secunia.com/advisories/59496	Third Party Advisory
http://secunia.com/advisories/59513	Third Party Advisory
http://secunia.com/advisories/59652	Third Party Advisory
http://secunia.com/advisories/60998	Third Party Advisory
http://support.apple.com/kb/HT6443	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683486	Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/06/13/4	Mailing List
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html	Third Party Advisory
http://www.securityfocus.com/bid/68007	Third Party Advisory
http://www.securitytracker.com/id/1030435	Third Party Advisory
https://support.apple.com/HT204659	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468	2022-08-29

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html	2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html	2022-08-29
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html	2022-08-29
http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html	2022-08-29
http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html	2022-08-29
http://marc.info/?l=bugtraq&m=141017844705317&w=2	2022-08-29
http://rhn.redhat.com/errata/RHSA-2014-1765.html	2022-08-29
http://rhn.redhat.com/errata/RHSA-2014-1766.html	2022-08-29
http://www.debian.org/security/2014/dsa-2961	2022-08-29
https://bugzilla.redhat.com/show_bug.cgi?id=1108447	2014-10-30
https://access.redhat.com/security/cve/CVE-2014-4049	2014-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				11.3 Search vendor "Opensuse" for product "Opensuse" and version "11.3"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 5.3.0 < 5.3.29 Search vendor "Php" for product "Php" and version " >= 5.3.0 < 5.3.29"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 5.4.0 < 5.4.30 Search vendor "Php" for product "Php" and version " >= 5.4.0 < 5.4.30"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				>= 5.5.0 < 5.5.14 Search vendor "Php" for product "Php" and version " >= 5.5.0 < 5.5.14"		-		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.6.0 Search vendor "Php" for product "Php" and version "5.6.0"		alpha1		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.6.0 Search vendor "Php" for product "Php" and version "5.6.0"		alpha2		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.6.0 Search vendor "Php" for product "Php" and version "5.6.0"		alpha3		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.6.0 Search vendor "Php" for product "Php" and version "5.6.0"		alpha4		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.6.0 Search vendor "Php" for product "Php" and version "5.6.0"		alpha5		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.6.0 Search vendor "Php" for product "Php" and version "5.6.0"		beta1		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.6.0 Search vendor "Php" for product "Php" and version "5.6.0"		beta2		Affected
Php Search vendor "Php"		Php Search vendor "Php" for product "Php"				5.6.0 Search vendor "Php" for product "Php" and version "5.6.0"		beta3		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected