Rewterz Threat Advisory – PHP Denial of Service vulnerability

Tuesday, January 8, 2019




CATEGORY: Vulnerability






An error occurs within the “php_parserr()” function (ext/standard/dns.c) when handling DNS responses. This error can be exploited to cause a crash or Denial of Service. A malicious DNS server can send a crafted reply that leads to a memcpy operation with a negative size parameter. This affects the function `dns_get_record()` if the DNS query is of type DNS_CAA or DNS_ANY.

A CVE has not been assigned. The vulnerability is reported in version 7.1.25. Other versions may also be affected.






Denial of Service






PHP 7.1.x






The flaw is fixed in the source code repository. (Third-party patch)


Vendor has not released any fixes at the time of making of this advisory.

Data Sheets

Corporate Brochure

Our Story



Managed Security

Upcoming Rewterz Trainings/Events

Rewterz News

  • 16, July 2019 Rewterz Threat Alert – Lazarus Mobile Malware turning devices into bots
  • 16, July 2019 Rewterz Threat Alert – Lazarus APT Group, Attacked as Identity Document
  • 15, July 2019 Rise in Attacks on DNS Infrastructure and Web Applications
  • 15, July 2019 Rewterz Threat Advisory – CVE-2019-0330 – SAP Diagnostic Agent OS Command Injection Vulnerability

Copyright © Rewterz. All rights reserved.