CVE-2014-3597 — Vulnetix

Try Vulnetix Request Demo

CVE-2014-3597 PUBLISHED

Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.

EPSS 5.57% · 90.2th percentile

Risk Scores

EPSS Score

5.57%

90.2th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	php5	0, 5.5.3+dfsg-1ubuntu2, 5.5.3+dfsg-1ubuntu3

Timeline

Aug 22, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Sep 16, 2023 EPSS Score
Mar 17, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 8, 2025 EPSS Score
Apr 14, 2025 EPSS Score
Apr 16, 2025 EPSS Score
Apr 18, 2025 EPSS Score
May 4, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2014-3597 third-party-advisory
https://bugs.php.net/bug.php?id=67717 third-party-advisory
https://ubuntu.com/security/notices/USN-2344-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2014-3597 third-party-advisory

Open in Interactive Console →