CVE-2014-3597 in PHP
Resumen (Inglés)
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Reservar
2014-05-14
Divulgación
2014-08-22
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 67396 | PHP DNS TXT Record dns_get_record desbordamiento de búfer | 119 | No probado | Arreglo oficial | CVE-2014-3597 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV