Unrated severityNVD Advisory· Published Jun 18, 2014· Updated Jun 17, 2026
CVE-2014-4049
CVE-2014-4049
Description
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: >=5.3.0,<5.3.29
- cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*
- (no CPE)range: <=5.6.0beta4
- osv-coords4 versionspkg:rpm/opensuse/php5&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/php7&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweedpkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS
< 5.6.28-1.1+ 3 more
- (no CPE)range: < 5.6.28-1.1
- (no CPE)range: < 7.0.14-1.4
- (no CPE)range: < 8.0.11-1.1
- (no CPE)range: < 5.3.17-47.1
Patches
Vulnerability mechanics
References
25- github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468nvdPatchThird Party Advisory
- lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2014-06/msg00051.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2014-07/msg00032.htmlnvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1765.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1766.htmlnvdThird Party Advisory
- secunia.com/advisories/59270nvdThird Party Advisory
- secunia.com/advisories/59329nvdThird Party Advisory
- secunia.com/advisories/59418nvdThird Party Advisory
- secunia.com/advisories/59496nvdThird Party Advisory
- secunia.com/advisories/59513nvdThird Party Advisory
- secunia.com/advisories/59652nvdThird Party Advisory
- secunia.com/advisories/60998nvdThird Party Advisory
- support.apple.com/kb/HT6443nvdThird Party Advisory
- www-01.ibm.com/support/docview.wssnvdThird Party Advisory
- www.debian.org/security/2014/dsa-2961nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2014/06/13/4nvdMailing ListThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/68007nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1030435nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT204659nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
News mentions
0No linked articles in our index yet.