CVE-2014-4049
published 2014-06-18

Priority: P338, medium, 5.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 10.91% (95.3th percentile)

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.

Affected

59 ranges· showing 25
VendorProductVersion rangeFixed in
appleos_x_yosemite_v10.10.3_and_security_update_2015-004
debiandebian_linux
debiandebian_linux
opensuseopensuse
phpphp<= 5.4.31
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp

CVSS provenance

nvd: v2.0, 5.1 MEDIUM, AV:N/AC:H/Au:N/C:P/I:P/A:P
osv: 7.2 HIGH
vendor_ubuntu: 7.2 HIGH
vendor_redhat: 6.8 MEDIUM