
PHP DNS TXT Buffer Overflow Vulnerability

 

Systems Affected


PHP version 5.3.x.
PHP version 5.4.x.
PHP version 5.5.x.

Threat Level


Medium


Overview


A buffer overflow vulnerability has been reported in PHP, which could allow a remote attacker to execute arbitrary code on the target system.


Description


This vulnerability exists in "dns_get_record()" in "ext/standard/dns.c" in PHP due to inadequate bounds checking while parsing a DNS TXT record. A remote attacker could exploit this vulnerability via a specially crafted DNS TXT record response, triggering a heap-based buffer overflow.

Successful exploitation of the vulnerability could allow the attacker to execute arbitrary code on the system.
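
The bounds check this class of bug calls for, shown as an added example that is not PHP's code or the referenced patch: TXT RDATA is a sequence of segments, each one length byte followed by that many data bytes (RFC 1035), so every length byte has to be validated against both the bytes remaining in the record and the space left in the destination. The function name, buffers and sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Concatenate the length-prefixed segments of a TXT RDATA field into out.
 * rdata/rdlen: RDATA bytes and the RDLENGTH taken from the record header.
 * Returns bytes written, or -1 if a segment is malformed or out is too small.
 * Hypothetical helper written for this example. */
long txt_rdata_copy(const uint8_t *rdata, size_t rdlen,
                    uint8_t *out, size_t outcap)
{
    size_t pos = 0, written = 0;
    while (pos < rdlen) {
        size_t seg = rdata[pos++];     /* length byte comes from the responder */
        if (seg > rdlen - pos)         /* claims more data than the record holds */
            return -1;
        if (seg > outcap - written)    /* would write past the destination */
            return -1;
        memcpy(out + written, rdata + pos, seg);
        written += seg;
        pos += seg;
    }
    return (long)written;
}

/* Constructed sample: two well-formed segments, "abc" and "de". */
static const uint8_t GOOD[] = {3, 'a', 'b', 'c', 2, 'd', 'e'};
/* Constructed sample: second length byte says 200, only 1 byte follows. */
static const uint8_t BAD[]  = {3, 'a', 'b', 'c', 200, 'x'};

long demo_good(void)  { uint8_t b[16]; return txt_rdata_copy(GOOD, sizeof GOOD, b, sizeof b); }
long demo_bad(void)   { uint8_t b[16]; return txt_rdata_copy(BAD,  sizeof BAD,  b, sizeof b); }
/* Well-formed record, but 5 data bytes do not fit a 4-byte destination. */
long demo_small(void) { uint8_t b[4];  return txt_rdata_copy(GOOD, sizeof GOOD, b, sizeof b); }

int main(void)
{
    printf("well-formed record:   %ld\n", demo_good());
    printf("oversized length:     %ld\n", demo_bad());
    printf("destination too small: %ld\n", demo_small());
    return 0;
}
```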


Impact



Solution/Workarounds


Apply the patch available from the PHP Git repository:
https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468


References



Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.