Description

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.

Remediation

References

CVE-2014-4049

Related Vulnerabilities

WordPress Plugin AJAX Post Search 'srch_txt' Parameter SQL Injection (1.2)

WordPress Plugin WassUp Real Time Analytics Cross-Site Scripting (1.9)

WordPress Plugin Themify Builder Cross-Site Scripting (5.3.1)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-4083)

Oracle Database Server CVE-2009-3412 Vulnerability (CVE-2009-3412)

Severity

Medium

Classification

CVE-2014-4049 CWE-119

Tags

Missing Update Known Vulnerabilities