Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-4049)

Description

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.

Remediation

References

Related Vulnerabilities

WordPress Plugin Product Catalog for WordPress Unspecified Vulnerability (1.4.5)

WordPress Plugin Tickera-WordPress Event Ticketing Cross-Site Request Forgery (3.4.9.9)

WordPress Plugin Wordpress Poll SQL Injection (36)

WordPress Plugin Livemesh SiteOrigin Widgets Security Bypass (2.5.1)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0122)

Severity

Medium

Classification

CVE-2014-4049 CWE-119

Tags

Missing Update Known Vulnerabilities