Vulnerability details: VCID-cqj3-udy1-aaad
Vulnerability ID VCID-cqj3-udy1-aaad
Aliases CVE-2014-4049
Summary CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Weaknesses (2)
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=141017844705317&w=2
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4049.html
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1012
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1013
rhas Important https://access.redhat.com/errata/RHSA-2014:1765
rhas Important https://access.redhat.com/errata/RHSA-2014:1766
epss 0.06817 https://api.first.org/data/v1/epss?cve=CVE-2014-4049
epss 0.08895 https://api.first.org/data/v1/epss?cve=CVE-2014-4049
epss 0.15686 https://api.first.org/data/v1/epss?cve=CVE-2014-4049
epss 0.16893 https://api.first.org/data/v1/epss?cve=CVE-2014-4049
epss 0.17452 https://api.first.org/data/v1/epss?cve=CVE-2014-4049
epss 0.22414 https://api.first.org/data/v1/epss?cve=CVE-2014-4049
epss 0.29731 https://api.first.org/data/v1/epss?cve=CVE-2014-4049
epss 0.33014 https://api.first.org/data/v1/epss?cve=CVE-2014-4049
epss 0.35051 https://api.first.org/data/v1/epss?cve=CVE-2014-4049
epss 0.36136 https://api.first.org/data/v1/epss?cve=CVE-2014-4049
epss 0.94273 https://api.first.org/data/v1/epss?cve=CVE-2014-4049
epss 0.94808 https://api.first.org/data/v1/epss?cve=CVE-2014-4049
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
cvssv2 5.1 https://nvd.nist.gov/vuln/detail/CVE-2014-4049
generic_textual Medium https://ubuntu.com/security/notices/USN-2254-1
generic_textual Medium http://www.openwall.com/lists/oss-security/2014/06/13/4
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html
http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html
http://marc.info/?l=bugtraq&m=141017844705317&w=2
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4049.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4049.json
https://api.first.org/data/v1/epss?cve=CVE-2014-4049
https://bugzilla.redhat.com/show_bug.cgi?id=1108447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
http://secunia.com/advisories/59270
http://secunia.com/advisories/59329
http://secunia.com/advisories/59418
http://secunia.com/advisories/59496
http://secunia.com/advisories/59513
http://secunia.com/advisories/59652
http://secunia.com/advisories/60998
https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
https://support.apple.com/HT204659
https://ubuntu.com/security/notices/USN-2254-1
http://support.apple.com/kb/HT6443
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
http://www.debian.org/security/2014/dsa-2961
http://www.openwall.com/lists/oss-security/2014/06/13/4
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/68007
http://www.securitytracker.com/id/1030435
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:*:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:beta4:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
CVE-2014-4049 https://nvd.nist.gov/vuln/detail/CVE-2014-4049
GLSA-201408-11 https://security.gentoo.org/glsa/201408-11
RHSA-2014:1012 https://access.redhat.com/errata/RHSA-2014:1012
RHSA-2014:1013 https://access.redhat.com/errata/RHSA-2014:1013
RHSA-2014:1765 https://access.redhat.com/errata/RHSA-2014:1765
RHSA-2014:1766 https://access.redhat.com/errata/RHSA-2014:1766
USN-2254-1 https://usn.ubuntu.com/2254-1/
No exploits are available.
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-4049
Access Vector (AV): network
Access Complexity (AC): high
Authentication (Au): none
Confidentiality Impact (C): partial
Integrity Impact (I): partial
Availability Impact (A): partial
Exploit Prediction Scoring System (EPSS)
Percentile 0.90501
EPSS Score 0.06817
Published At April 12, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.