Rewterz Threat Advisory – PHP Denial of Service vulnerability

Tuesday, January 8, 2019

SEVERITY: Medium

 

 

CATEGORY: Vulnerability

 

 

ANALYSIS SUMMARY

 

 

An error occurs within the “php_parserr()” function (ext/standard/dns.c) when handling DNS responses. This error can be exploited to cause a crash or Denial of Service. A malicious DNS server can send a crafted reply that leads to a memcpy operation with a negative size parameter. This affects the function `dns_get_record()` if the DNS query is of type DNS_CAA or DNS_ANY.

A CVE has not been assigned. The vulnerability is reported in version 7.1.25. Other versions may also be affected.

 

 

IMPACT

 

 

Denial of Service

 

 

AFFECTED PRODUCTS

 

 

PHP 7.1.x

 

 

REMEDIATION

 

 

The flaw is fixed in the source code repository. (Third-party patch)

https://github.com/php/php-src/commit/8d3dfabef459fe7815e8ea2fd68753fd17859d7b

 

Vendor has not released any fixes at the time of making of this advisory.

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 21, January 2019 Rewterz Threat Advisory – CVE-2018-15439 – Cisco Small Business Switches Privileged Access Vulnerability
  • 17, January 2019 Rewterz Threat Advisory – CVE-2019-2550 & CVE-2019-2549 – Oracle FLEXCUBE Direct Banking “Logoff Page” Vulnerabilities
  • 17, January 2019 Rewterz Threat Advisory – Oracle Enterprise Manager for Virtualization Multiple Vulnerabilities
  • 17, January 2019 Rewterz Threat Advisory – CVE-2019-2414 – Oracle HTTP Server “Web Listener” Privilege Escalation Vulnerability

Copyright © Rewterz. All rights reserved.