Rewterz Threat Advisory – PHP Denial of Service vulnerability

Tuesday, January 8, 2019

SEVERITY: Medium

 

 

CATEGORY: Vulnerability

 

 

ANALYSIS SUMMARY

 

 

An error occurs within the “php_parserr()” function (ext/standard/dns.c) when handling DNS responses. This error can be exploited to cause a crash or Denial of Service. A malicious DNS server can send a crafted reply that leads to a memcpy operation with a negative size parameter. This affects the function `dns_get_record()` if the DNS query is of type DNS_CAA or DNS_ANY.

A CVE has not been assigned. The vulnerability is reported in version 7.1.25. Other versions may also be affected.

 

 

IMPACT

 

 

Denial of Service

 

 

AFFECTED PRODUCTS

 

 

PHP 7.1.x

 

 

REMEDIATION

 

 

The flaw is fixed in the source code repository. (Third-party patch)

https://github.com/php/php-src/commit/8d3dfabef459fe7815e8ea2fd68753fd17859d7b

 

Vendor has not released any fixes at the time of making of this advisory.

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 16, July 2019 Rewterz Threat Alert – Lazarus Mobile Malware turning devices into bots
  • 16, July 2019 Rewterz Threat Alert – Lazarus APT Group, Attacked as Identity Document
  • 15, July 2019 Rise in Attacks on DNS Infrastructure and Web Applications
  • 15, July 2019 Rewterz Threat Advisory – CVE-2019-0330 – SAP Diagnostic Agent OS Command Injection Vulnerability

Copyright © Rewterz. All rights reserved.