Описание
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Software Collections | rh-php70-php | Fix deferred | ||
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2020:1624 | 28.04.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-php71-php | Fixed | RHSA-2019:2519 | 19.08.2019 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-php72-php | Fixed | RHSA-2019:3299 | 01.11.2019 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | rh-php71-php | Fixed | RHSA-2019:2519 | 19.08.2019 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | rh-php71-php | Fixed | RHSA-2019:2519 | 19.08.2019 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | rh-php72-php | Fixed | RHSA-2019:3299 | 01.11.2019 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | rh-php71-php | Fixed | RHSA-2019:2519 | 19.08.2019 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | rh-php72-php | Fixed | RHSA-2019:3299 | 01.11.2019 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-php72-php | Fixed | RHSA-2019:3299 | 01.11.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.6 Medium
CVSS3
Связанные уязвимости
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, ...
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
Уязвимость функции чтения PHAR dns_get_record интерпретатора языка программирования PHP, связанная с чтением за пределами границ буфера памяти, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
4.6 Medium
CVSS3