
PHP DNS TXT Buffer Overflow Vulnerability

 

Systems Affected


PHP version 5.3.x.
PHP version 5.4.x.
PHP version 5.5.x.

Threat Level


Medium


Overview


A buffer overflow vulnerability has been reported in PHP, which could allow a remote attacker to execute arbitrary code on the target system.


Description


This vulnerability exists in "dns_get_record()" in "ext/standard/dns.c" in PHP due to inadequate bounds checking while parsing a DNS TXT record. A remote attacker could exploit this vulnerability via a specially crafted DNS TXT record response, triggering a heap-based buffer overflow.

Successful exploitation of the vulnerability could allow the attacker to execute arbitrary code on the system.
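
The kind of bounds check the description refers to, as an added example (this is not PHP's code): a DNS TXT RDATA field is a sequence of strings, each prefixed by a one-byte length, so a parser must validate every length byte against both the remaining RDATA and the destination buffer before copying. The function name txt_rdata_copy and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: RDLENGTH 6, two character-strings "abc" and "d". */
static const unsigned char txt_ok[] = { 3, 'a', 'b', 'c', 1, 'd' };
/* Constructed sample: length byte claims 200 bytes, only 3 are present. */
static const unsigned char txt_bad[] = { 200, 'a', 'b', 'c' };

/*
 * Hypothetical helper: concatenate the character-strings of a TXT RDATA
 * into out and NUL-terminate it.
 * Returns the number of bytes written, or -1 if the record is malformed
 * or out is too small.
 */
long txt_rdata_copy(const unsigned char *rdata, size_t rdlength,
                    char *out, size_t out_size)
{
    size_t pos = 0, written = 0;

    if (out_size == 0)
        return -1;
    while (pos < rdlength) {
        size_t seg = rdata[pos++];          /* one-byte length prefix */
        if (seg > rdlength - pos)           /* segment runs past end of RDATA */
            return -1;
        if (seg > out_size - 1 - written)   /* segment would overflow out */
            return -1;
        memcpy(out + written, rdata + pos, seg);
        written += seg;
        pos += seg;
    }
    out[written] = '\0';
    return (long)written;
}

int main(void)
{
    char buf[16];

    /* Well-formed record: both strings are copied. */
    printf("ok:  %ld\n", txt_rdata_copy(txt_ok, sizeof txt_ok, buf, sizeof buf));
    /* Malformed record: rejected before any copy takes place. */
    printf("bad: %ld\n", txt_rdata_copy(txt_bad, sizeof txt_bad, buf, sizeof buf));
    return 0;
}
```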


Impact



Solution/ Workarounds


  ✻  Update to the latest version of Mozilla Firefox on Windows, Linux and Mac.


References



Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.