Description
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2266)
OpenSSL Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-0778)
e107 Other Vulnerability (CVE-2006-5786)
WordPress Plugin eHive Object Details Cross-Site Scripting (2.1.6)
WordPress Plugin Car Rental System Cross-Site Scripting (1.3)