Php dns txt record Processing Heap Buffer Overflow Vulnerability (CVE-2014-3597)
Release date:
Updated on:
Affected Systems:
PHP
Unaffected system:
PHP 5.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69322
CVE (CAN) ID: CVE-2014-3597
PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.
PHP has a segment error in dns_get_record. Attackers can exploit this vulnerability to cause DoS in affected applications or execute arbitrary code in the context by constructing dns txt records.
<* Source: David Kutalek
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05#diff-d41d8cd98f00b204e9800998ecf8427e
Https://bugs.php.net/bug.php? Id = 67717
Install LNMP in CentOS 6.3 (PHP 5.4, MyySQL5.6)
Nginx startup failure occurs during LNMP deployment.
Ubuntu install Nginx php5-fpm MySQL (LNMP environment setup)
Detailed php hd scanning PDF + CD source code + full set of teaching videos
PHP details: click here
PHP: click here
This article permanently updates the link address: