Rewterz Threat Advisory – PHP Denial of Service vulnerability

Tuesday, January 8, 2019




CATEGORY: Vulnerability






An error occurs within the “php_parserr()” function (ext/standard/dns.c) when handling DNS responses. This error can be exploited to cause a crash or Denial of Service. A malicious DNS server can send a crafted reply that leads to a memcpy operation with a negative size parameter. This affects the function `dns_get_record()` if the DNS query is of type DNS_CAA or DNS_ANY.

A CVE has not been assigned. The vulnerability is reported in version 7.1.25. Other versions may also be affected.






Denial of Service






PHP 7.1.x






The flaw is fixed in the source code repository. (Third-party patch)


Vendor has not released any fixes at the time of making of this advisory.

Data Sheets

Corporate Brochure

Our Story



Managed Security

Upcoming Rewterz Trainings/Events

Rewterz News

  • 6, March 2019 Rewterz Threat Alert – Threat Indicators – Ursnif/Gozi Malspam
  • 6, March 2019 Rewterz Threat Alert – Threat Actors Targeting Banks Using Tools to Bypass Cyber Security Controls
  • 5, March 2019 Rewterz Threat Alert “Beyond The Grave” Virus – Threat Indicators
  • 5, March 2019 Rewterz Threat Alert – Redaman/RTM Banking Trojan Campaigns

Copyright © Rewterz. All rights reserved.