CVE-2014-4049
Published 2014-06-18
Priority: P3 · 38 · medium · CVSS 2.0: 5.1
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 10.91% (95.3th percentile)
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
Affected
59 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| opensuse | opensuse | — | — |
| php | php | <= 5.4.31 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvd · v2.0 · 5.1 MEDIUM · AV:N/AC:H/Au:N/C:P/I:P/A:P
osv · 7.2 HIGH
vendor_ubuntu · 7.2 HIGH
vendor_redhat · 6.8 MEDIUM
GHSA
GHSA-hh9h-fmf6-wj4h: Multiple buffer overflows in the php_parserr function in ext/standard/dns
ghsa_unreviewed·2022-05-17·CVSS 5.1
CVE-2014-3597 [MEDIUM] CWE-119 GHSA-hh9h-fmf6-wj4h: Multiple buffer overflows in the php_parserr function in ext/standard/dns
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
GHSA
GHSA-8g2q-wfwm-rfv3: Heap-based buffer overflow in the php_parserr function in ext/standard/dns
ghsa_unreviewed·2022-05-14
CVE-2014-4049 [MEDIUM] CWE-119 GHSA-8g2q-wfwm-rfv3: Heap-based buffer overflow in the php_parserr function in ext/standard/dns
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
OSV
CVE-2014-3597: Multiple buffer overflows in the php_parserr function in ext/standard/dns
osv·2014-08-22·CVSS 6.8
CVE-2014-3597 [MEDIUM] CVE-2014-3597: Multiple buffer overflows in the php_parserr function in ext/standard/dns
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
OSV
php5 updates
osv·2014-06-25·CVSS 7.2
CVE-2014-0185 [HIGH] php5 updates
USN-2254-1 fixed vulnerabilities in PHP. The fix for CVE-2014-0185
further restricted the permissions on the PHP FastCGI Process Manager (FPM)
UNIX socket. This update grants socket access to the www-data user and
group so installations and documentation relying on the previous socket
permissions will continue to function.
Original advisory details:
Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM)
set incorrect permissions on the UNIX socket. A local attacker could use
this issue to possibly elevate their privileges. This issue only affected
Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185)
Francisco Alonso discovered that the PHP Fileinfo component incorrectly
handled certain CDF documents. A remote attacker could use this issue
OSV
php5 vulnerabilities
osv·2014-06-23·CVSS 7.2
CVE-2014-0185 [HIGH] php5 vulnerabilities
Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM)
set incorrect permissions on the UNIX socket. A local attacker could use
this issue to possibly elevate their privileges. This issue only affected
Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185)
Francisco Alonso discovered that the PHP Fileinfo component incorrectly
handled certain CDF documents. A remote attacker could use this issue to
cause PHP to hang or crash, resulting in a denial of service.
(CVE-2014-0237, CVE-2014-0238)
Stefan Esser discovered that PHP incorrectly handled DNS TXT records. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2014-4049)
OSV
CVE-2014-4049: Heap-based buffer overflow in the php_parserr function in ext/standard/dns
osv·2014-06-18·CVSS 5.1
CVE-2014-4049 [MEDIUM] CVE-2014-4049: Heap-based buffer overflow in the php_parserr function in ext/standard/dns
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
Red Hat
php: multiple buffer over-reads in php_parserr
vendor_redhat·2014-07-30·CVSS 6.8
CVE-2014-3597 [MEDIUM] CWE-125 php: multiple buffer over-reads in php_parserr
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dns_get_record() function to perform a DNS query.
Statement: This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5
Ubuntu
PHP updates
vendor_ubuntu·2014-06-25·CVSS 7.2
CVE-2014-0185 [HIGH] PHP updates
Title: PHP updates
Summary: An improvement was made for PHP FPM environments.
USN-2254-1 fixed vulnerabilities in PHP. The fix for CVE-2014-0185
further restricted the permissions on the PHP FastCGI Process Manager (FPM)
UNIX socket. This update grants socket access to the www-data user and
group so installations and documentation relying on the previous socket
permissions will continue to function.
Original advisory details:
Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM)
set incorrect permissions on the UNIX socket. A local attacker could use
this issue to possibly elevate their privileges. This issue only affected
Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185)
Francisco Alonso discovered that the PHP Fileinfo component incorrectly
han
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2014-06-23·CVSS 7.2
CVE-2014-0185 [HIGH] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM)
set incorrect permissions on the UNIX socket. A local attacker could use
this issue to possibly elevate their privileges. This issue only affected
Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185)
Francisco Alonso discovered that the PHP Fileinfo component incorrectly
handled certain CDF documents. A remote attacker could use this issue to
cause PHP to hang or crash, resulting in a denial of service.
(CVE-2014-0237, CVE-2014-0238)
Stefan Esser discovered that PHP incorrectly handled DNS TXT records. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arb
Red Hat
php: heap-based buffer overflow in DNS TXT record parsing
vendor_redhat·2014-06-11·CVSS 5.1
CVE-2014-4049 [MEDIUM] CWE-122 php: heap-based buffer overflow in DNS TXT record parsing
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query.
Statement: This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5.
Package: php (Red Hat Enterprise Linux 5) - Not affected
Apple
CVE-2014-4049: OS X Yosemite v10.10.3 and Security Update 2015-004
vendor_apple·CVSS 5.1
CVE-2014-4049 [MEDIUM] CVE-2014-4049: OS X Yosemite v10.10.3 and Security Update 2015-004
Apple Security Update: About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004
Product: OS X Yosemite v10.10.3 and Security Update 2015-004
CVE: CVE-2014-4049
Component: CVE-2014-4049
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-3597 php: multiple buffer over-reads in php_parserr
bugzilla·2014-08-21·CVSS 6.8
CVE-2014-3597 [MEDIUM] CVE-2014-3597 php: multiple buffer over-reads in php_parserr
During the testing of the patch to fix CVE-2014-4049 (bug 1108447) in PHP, other possible buffer overflows were discovered [1] that led to a segfault in dns_get_record():
- code relies on dlen (from server response) without overflow check
- code calls dn_expand without sending real "end" of answer
It has been corrected upstream [2] and a reproducer to test is available [3]. This will be fixed in upstream 5.4.32 (currently unreleased).
[1] https://bugs.php.net/bug.php?id=67717
[2] https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05
[3] https://bugs.php.net/patch-display.php?bug=67717&patch=repro.patch&revision=1406726280
Discussion:
This is corrected in upstream PHP 5.5.16 and 5.4.32:
http://php.net
Bugzilla
CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing
bugzilla·2014-06-12·CVSS 5.1
CVE-2014-4049 [MEDIUM] CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing
Stefan Esser pointed out that the following commit fixes a heap-based buffer overflow in DNS TXT record parsing:
https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.
Discussion:
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1108449]
---
CVE request: http://www.openwall.com/lists/oss-security/2014/06/12/2
---
Would be nice if someone updated https://access.redhat.com/security/cve/CVE-2014-4049 to confirm the CVE affects or does not affect PHP, PHP53 packages for RHEL-5 and
Bugzilla
php: heap-based buffer overflow in DNS TXT record parsing [fedora-all]
bugzilla·2014-06-12·CVSS 5.1
[MEDIUM] php: heap-based buffer overflow in DNS TXT record parsing [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
NOTE: this issue affects multiple support
Tenable
[R6] SecurityCenter Affected by Multiple Third-party Library Vulnerabilities
blogs_tenable·2014-07-16
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html
- http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html
- http://marc.info/?l=bugtraq&m=141017844705317&w=2
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
- http://rhn.redhat.com/errata/RHSA-2014-1766.html
- http://secunia.com/advisories/59270
- http://secunia.com/advisories/59329
- http://secunia.com/advisories/59418
- http://secunia.com/advisories/59496
- http://secunia.com/advisories/59513
- http://secunia.com/advisories/59652
- http://secunia.com/advisories/60998
- http://support.apple.com/kb/HT6443
- http://www-01.ibm.com/support/docview.wss?uid=swg21683486
- http://www.debian.org/security/2014/dsa-2961
- http://www.openwall.com/lists/oss-security/2014/06/13/4
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.securityfocus.com/bid/68007
- http://www.securitytracker.com/id/1030435
- https://bugzilla.redhat.com/show_bug.cgi?id=1108447
- https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
- https://support.apple.com/HT204659
2014-06-18
Published