Unrated severityNVD Advisory· Published Jun 18, 2014· Updated May 6, 2026
CVE-2014-4049
CVE-2014-4049
Description
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
Affected products
13cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: >=5.3.0,<5.3.29
- cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- osv-coordsRange: < 5.3.17-47.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
25- github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468nvdPatchThird Party Advisory
- lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2014-06/msg00051.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2014-07/msg00032.htmlnvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1765.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1766.htmlnvdThird Party Advisory
- secunia.com/advisories/59270nvdThird Party Advisory
- secunia.com/advisories/59329nvdThird Party Advisory
- secunia.com/advisories/59418nvdThird Party Advisory
- secunia.com/advisories/59496nvdThird Party Advisory
- secunia.com/advisories/59513nvdThird Party Advisory
- secunia.com/advisories/59652nvdThird Party Advisory
- secunia.com/advisories/60998nvdThird Party Advisory
- support.apple.com/kb/HT6443nvdThird Party Advisory
- www-01.ibm.com/support/docview.wssnvdThird Party Advisory
- www.debian.org/security/2014/dsa-2961nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2014/06/13/4nvdMailing ListThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/68007nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1030435nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT204659nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
News mentions
0No linked articles in our index yet.