CVE-2014-3597

Published: 23/08/2014 Updated: 07/01/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP prior to 5.4.32 and 5.5.x prior to 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.

Vulnerable Product

php php 5.4.10

php php 5.4.11

php php 5.4.14

php php 5.4.15

php php 5.4.20

php php 5.4.21

php php 5.4.29

php php 5.4.3

php php 5.4.8

php php 5.4.9

php php 5.5.3

php php 5.5.2

php php 5.4.0

php php 5.4.12

php php 5.4.13

php php 5.4.17

php php 5.4.18

php php 5.4.25

php php 5.4.26

php php 5.4.4

php php 5.4.5

php php 5.5.7

php php 5.5.6

php php 5.5.12

php php 5.5.11

php php 5.5.0

php php 5.5.15

php php 5.4.1

php php 5.4.19

php php 5.4.2

php php 5.4.27

php php 5.4.28

php php 5.4.6

php php 5.4.7

php php 5.5.5

php php 5.5.4

php php 5.5.10

php php 5.5.1

php php 5.4.16

php php 5.4.22

php php 5.4.23

php php 5.4.24

php php 5.4.30

php php

php php 5.5.9

php php 5.5.8

php php 5.5.14

php php 5.5.13

Vendor Advisories

php5 could be made to crash or run programs if it received specially crafted network traffic ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-3538: It was discovered that the original fix for CVE-2013-7345 did not sufficiently address the problem. A remote attacke ...

Github Repositories

A PHP version scanner for reporting possible vulnerabilities

versionscan

Versionscan is a tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in to report back potential issues. PLEASE NOTE: Work is still in progress to adapt the tool to Linux distributions that backport security fixes. As of right now, this only reports back for the straight up version reported.