CVE-2014-4049

Public on 2014-06-18
Modified on 2014-09-19
Description

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query.

Severity
Medium
See what this means
CVSS v3 Base Score
5.1
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 php 2014-08-21 11:15 ALAS-2014-393
Amazon Linux 1 php54 2014-07-09 16:24 ALAS-2014-367
Amazon Linux 1 php55 2014-07-09 16:42 ALAS-2014-372

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P
NVD CVSSv2 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P