Lucene search

K
osvGoogleOSV:DLA-0010-1
HistoryJun 27, 2014 - 12:00 a.m.

php5 - security update

2014-06-2700:00:00
Google
osv.dev
10

0.948 High

EPSS

Percentile

99.3%

It was discovered that PHP, a general-purpose scripting
language commonly used for web application development, is
vulnerable to a heap-based buffer overflow in the DNS TXT
record parsing. A malicious server or man-in-the-middle
attacker could possibly use this flaw to execute arbitrary
code as the PHP interpreter if a PHP application uses
dns_get_record() to perform a DNS query.

For Debian 6 Squeeze, these issues have been fixed in php5 version 5.3.3-7+squeeze20