5.1

CVE-2014-4049

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseOpensuse Version11.3
PhpPhp Version >= 5.3.0 < 5.3.29
PhpPhp Version >= 5.4.0 < 5.4.30
PhpPhp Version >= 5.5.0 < 5.5.14
PhpPhp Version5.6.0 Updatealpha1
PhpPhp Version5.6.0 Updatealpha2
PhpPhp Version5.6.0 Updatealpha3
PhpPhp Version5.6.0 Updatealpha4
PhpPhp Version5.6.0 Updatealpha5
PhpPhp Version5.6.0 Updatebeta1
PhpPhp Version5.6.0 Updatebeta2
PhpPhp Version5.6.0 Updatebeta3
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.91% 0.953
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Third Party Advisory
http://secunia.com/advisories/59652
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2014-1765.html
Third Party Advisory
https://support.apple.com/HT204659
Third Party Advisory
http://support.apple.com/kb/HT6443
Third Party Advisory
http://marc.info/?l=bugtraq&m=141017844705317&w=2
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2014-1766.html
Third Party Advisory
http://secunia.com/advisories/59418
Third Party Advisory
http://secunia.com/advisories/59496
Third Party Advisory
http://secunia.com/advisories/59329
Third Party Advisory
http://secunia.com/advisories/60998
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/59270
Third Party Advisory
http://secunia.com/advisories/59513
Third Party Advisory
http://www.debian.org/security/2014/dsa-2961
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/06/13/4
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/68007
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030435
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1108447
Issue Tracking
https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
Patch
Third Party Advisory