Php dns txt record Processing Heap Buffer Overflow Vulnerability (CVE-2014-3597)

Php dns txt record Processing Heap Buffer Overflow Vulnerability (CVE-2014-3597)

Release date:
Updated on:

Affected Systems:
PHP
Unaffected system:
PHP 5.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69322
CVE (CAN) ID: CVE-2014-3597

PHP is a widely used scripting language. It is especially suitable for Web development and can be embedded into HTML.

PHP has a segment error in dns_get_record. Attackers can exploit this vulnerability to cause DoS in affected applications or execute arbitrary code in the context by constructing dns txt records.

<* Source: David Kutalek
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

PHP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05#diff-d41d8cd98f00b204e9800998ecf8427e
Https://bugs.php.net/bug.php? Id = 67717

Install LNMP in CentOS 6.3 (PHP 5.4, MyySQL5.6)

Nginx startup failure occurs during LNMP deployment.

Ubuntu install Nginx php5-fpm MySQL (LNMP environment setup)

Detailed php hd scanning PDF + CD source code + full set of teaching videos

PHP details: click here
PHP: click here

This article permanently updates the link address: