Systems Affected
PHP version 5.3.x.
PHP version 5.4.x.
PHP version 5.5.x.
Threat Level
Overview
A buffer overflow vulnerability has been reported in PHP, which could allow a remote attacker to execute arbitrary code on the target system.
Description
This vulnerability exists in "dns_get_record()" in "ext/standard/dns.c" in PHP due to inadequate bounds checking while parsing a DNS TXT record. A remote attacker could exploit this vulnerability via specially crafted DNS TXT record response, triggering a heap based buffer overflow.
Successful exploitation of the vulnerability could allow the attacker to execute arbitrary code on the system.
Impact
Solution/ Workarounds
✻ Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.
References
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
|