Main Vulnerability Database Vulnerabilities #VU16086

Heap-based buffer overflow in PHP - CVE-2014-4049

Published: November 27, 2018

Vulnerability identifier: #VU16086

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2014-4049

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: PHP Group

Affected software:
PHP

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to heap-based buffer overflow in the php_parserr function in ext/standard/dns.c. A remote attacker can trigger memory corruption via a crafted DNS TXT record, related to the dns_get_record function and cause the service to crash or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2014-4049

Install update from vendor's website.

Sources

https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468

Heap-based buffer overflow in PHP - CVE-2014-4049

Detailed vulnerability description

How to mitigate CVE-2014-4049

Sources

Please verify you're human