CVE-2014-3597

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.

References

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html

http://lists.opensuse.org/opensuse-updates/2014-09/msg00055.html

http://php.net/ChangeLog-5.php

http://rhn.redhat.com/errata/RHSA-2014-1326.html

http://rhn.redhat.com/errata/RHSA-2014-1327.html

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://rhn.redhat.com/errata/RHSA-2014-1766.html

http://secunia.com/advisories/60609

http://secunia.com/advisories/60696

http://www.debian.org/security/2014/dsa-3008

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.securityfocus.com/bid/69322

http://www.ubuntu.com/usn/USN-2344-1

https://bugs.php.net/bug.php?id=67717

https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05

https://security-tracker.debian.org/tracker/CVE-2014-3597

https://support.apple.com/HT204659

Details

Source: MITRE

Published: 2014-08-23

Updated: 2017-01-07

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.0:beta2:32-bit:*:*:*:*:*

cpe:2.3:a:php:php:5.4.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.12:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.13:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.14:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.15:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.16:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.18:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.19:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.20:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.21:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.22:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.23:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.24:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.25:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.26:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.27:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.28:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.29:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.4.30:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.4.31 (inclusive)

cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
124996EulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1543)NessusHuawei Local Security Checks
high
700510Mac OS X 10.10.x < 10.10.3 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
93161SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1638-1) (BACKRONYM)NessusSuSE Local Security Checks
critical
82700Mac OS X Multiple Vulnerabilities (Security Update 2015-004) (FREAK)NessusMacOS X Local Security Checks
critical
82699Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities (FREAK)NessusMacOS X Local Security Checks
critical
82333Mandriva Linux Security Advisory : php (MDVSA-2015:080)NessusMandriva Local Security Checks
high
82212Debian DLA-67-1 : php5 security updateNessusDebian Local Security Checks
medium
78556PHP 5.6.0 Multiple VulnerabilitiesNessusCGI abuses
high
78419Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140930)NessusScientific Linux Local Security Checks
medium
78009RHEL 7 : php (RHSA-2014:1327)NessusRed Hat Local Security Checks
medium
78005Oracle Linux 7 : php (ELSA-2014-1327)NessusOracle Linux Local Security Checks
medium
78004Oracle Linux 5 / 6 : php / php53 (ELSA-2014-1326)NessusOracle Linux Local Security Checks
medium
77996CentOS 7 : php (CESA-2014:1327)NessusCentOS Local Security Checks
medium
77995CentOS 5 / 6 : php / php53 (CESA-2014:1326)NessusCentOS Local Security Checks
medium
77980RHEL 5 / 6 : php53 and php (RHSA-2014:1326)NessusRed Hat Local Security Checks
medium
77742SuSE 11.3 Security Update : php53 (SAT Patch Number 9718)NessusSuSE Local Security Checks
medium
77720openSUSE Security Update : php5 (openSUSE-SU-2014:1133-1)NessusSuSE Local Security Checks
medium
77651Mandriva Linux Security Advisory : php (MDVSA-2014:172)NessusMandriva Local Security Checks
medium
77602Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : php5 vulnerabilities (USN-2344-1)NessusUbuntu Local Security Checks
medium
77543Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : php (SSA:2014-247-01)NessusSlackware Local Security Checks
medium
77455GLSA-201408-11 : PHP: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
8360PHP 5.4.x < 5.4.32 / 5.5.x < 5.5.16 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
77403PHP 5.5.x < 5.5.16 Multiple VulnerabilitiesNessusCGI abuses
medium
77402PHP 5.4.x < 5.4.32 Multiple VulnerabilitiesNessusCGI abuses
medium
77307Debian DSA-3008-1 : php5 - security updateNessusDebian Local Security Checks
medium