CVE-2014-3597

PHP < 5.4.32 and 5.5.x < 5.5.16 - Remote Code Execution via Crafted DNS Record

Title source: llm

Description

Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.

References (18)

Core 18

Core References

Various Sources x_refsource_confirm

http://php.net/ChangeLog-5.php

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html

Vendor Advisory x_refsource_confirm

https://bugs.php.net/bug.php?id=67717

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/69322

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2014/dsa-3008

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Patch x_refsource_confirm

https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05

Third Party Advisory x_refsource_confirm

https://security-tracker.debian.org/tracker/CVE-2014-3597

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60696

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-1766.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-1326.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-1327.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-1765.html

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT204659

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60609

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2344-1

Scores

EPSS 0.0696

EPSS Percentile 91.5%

Details

CWE

CWE-119

Status published

Products (32)

php/php 5.4.0 (4 CPE variants)

php/php 5.4.1

php/php 5.4.2

php/php 5.4.3

php/php 5.4.4

php/php 5.4.5

php/php 5.4.6

php/php 5.4.7

php/php 5.4.8

php/php 5.4.9

... and 22 more

Published Aug 23, 2014

Tracked Since Feb 18, 2026