SEVERITY: Medium
CATEGORY: Vulnerability
ANALYSIS SUMMARY
An error occurs within the `php_parserr()` function (ext/standard/dns.c) when handling DNS responses. It can be exploited to cause a crash or Denial of Service: a malicious DNS server can send a crafted reply that leads to a memcpy operation with a negative size parameter. This affects the function `dns_get_record()` when the DNS query is of type DNS_CAA or DNS_ANY.
A CVE has not been assigned. The vulnerability is reported in version 7.1.25. Other versions may also be affected.
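The length arithmetic behind this class of bug, as an added example (not PHP's code and not taken from the linked commit): a CAA RDATA parser following the RFC 6844 layout, where the value length is whatever remains after the flags byte, the tag-length byte and the tag. It assumes the negative size comes from that subtraction; the struct, the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* CAA RDATA (RFC 6844): flags(1) | tag_len(1) | tag | value (remainder). */
struct caa {
    uint8_t flags;
    char    tag[256];    /* tag_len is one byte, so 255 + NUL always fits */
    char    value[512];
    size_t  value_len;
};

/* Constructed sample RDATA, not captured traffic. */
static const uint8_t caa_good[] = { 0x00, 0x05, 'i','s','s','u','e',
                                    'c','a','.','t','e','s','t' };
static const uint8_t caa_bad[]  = { 0x00, 0xFF, 'i','s' }; /* tag_len 255, rdlength 4 */

/* What an unchecked parser computes (assumed pattern): a negative result
 * handed to memcpy() is converted to a huge size_t and the copy crashes. */
long caa_value_len_unchecked(const uint8_t *rdata, long rdlength)
{
    return rdlength - (long)rdata[1] - 2;
}

/* Hardened parse: 0 on success, -1 on a malformed record. */
int caa_parse(const uint8_t *rdata, size_t rdlength, struct caa *out)
{
    if (rdlength < 2)                            /* flags + tag_len must exist */
        return -1;
    size_t tag_len = rdata[1];
    if (tag_len == 0 || tag_len > rdlength - 2)  /* tag must fit inside RDATA */
        return -1;
    size_t value_len = rdlength - 2 - tag_len;   /* cannot wrap after the check */
    if (value_len >= sizeof out->value)
        return -1;
    out->flags = rdata[0];
    memcpy(out->tag, rdata + 2, tag_len);
    out->tag[tag_len] = '\0';
    memcpy(out->value, rdata + 2 + tag_len, value_len);
    out->value[value_len] = '\0';
    out->value_len = value_len;
    return 0;
}

int main(void)
{
    struct caa r;
    return !(caa_parse(caa_good, sizeof caa_good, &r) == 0 &&
             caa_parse(caa_bad, sizeof caa_bad, &r) == -1);
}
```

The point of the check is that every length taken from the response is validated against the record's RDLENGTH in unsigned arithmetic before it is used as a copy size.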
IMPACT
Denial of Service
AFFECTED PRODUCTS
PHP 7.1.x
REMEDIATION
The flaw is fixed in the source code repository. (Third-party patch)
https://github.com/php/php-src/commit/8d3dfabef459fe7815e8ea2fd68753fd17859d7b
The vendor had not released any fixes at the time this advisory was written.