Описание
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | not-affected | 5.5.9+dfsg-1ubuntu4.29 |
| precise/esm | not-affected | 5.3.10-1ubuntu3.34 |
| trusty | released | 5.5.9+dfsg-1ubuntu4.29 |
| trusty/esm | not-affected | 5.5.9+dfsg-1ubuntu4.29 |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | 7.0.33-0ubuntu0.16.04.2 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 7.2.15-0ubuntu0.18.04.1 |
| cosmic | released | 7.2.15-0ubuntu0.18.10.1 |
| devel | released | 7.2.15-0ubuntu2 |
| disco | released | 7.2.15-0ubuntu2 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 7.2.15-0ubuntu0.18.04.1 |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 7.2.14 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| cosmic | DNE | |
| devel | not-affected | 7.3.4-2 |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 7.3.2 |
| xenial | DNE |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, ...
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
Уязвимость функции чтения PHAR dns_get_record интерпретатора языка программирования PHP, связанная с чтением за пределами границ буфера памяти, позволяющая нарушителю получить доступ к конфиденциальным данным
5 Medium
CVSS2
7.5 High
CVSS3