Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 DNS:PHP-GET-RCRD-OB

Severity

 Minor

Recommended

 Yes

Recommended Action

 Drop

Category

 DNS

Keywords

 PHP dns_get_record Out of Bounds Read

Release Date

 2019/03/13

Update Number

 3151

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DNS: PHP dns_get_record Out of Bounds Read


This signature detects attempts to exploit a known vulnerability against PHP. The vulnerability is due to improper handling of malformed DNS responses. A remote attacker could exploit this vulnerability by sending a crafted DNS response to a vulnerable server. Successful exploitation could lead to information disclosure or crash of the PHP application.

Extended Description

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.

Affected Products

  • Canonical ubuntu_linux 12.04
  • Canonical ubuntu_linux 14.04
  • Canonical ubuntu_linux 16.04
  • Debian debian_linux 8.0
  • Debian debian_linux 9.0
  • Netapp storage_automation_store -
  • Php php 7.0.0
  • Php php 7.0.1
  • Php php 7.0.10
  • Php php 7.0.11
  • Php php 7.0.12
  • Php php 7.0.13
  • Php php 7.0.14
  • Php php 7.0.15
  • Php php 7.0.16
  • Php php 7.0.17
  • Php php 7.0.18
  • Php php 7.0.19
  • Php php 7.0.2
  • Php php 7.0.20
  • Php php 7.0.21
  • Php php 7.0.22
  • Php php 7.0.23
  • Php php 7.0.24
  • Php php 7.0.25
  • Php php 7.0.26
  • Php php 7.0.27
  • Php php 7.0.28
  • Php php 7.0.29
  • Php php 7.0.3
  • Php php 7.0.30
  • Php php 7.0.31
  • Php php 7.0.32
  • Php php 7.0.33
  • Php php 7.0.4
  • Php php 7.0.5
  • Php php 7.0.6
  • Php php 7.0.7
  • Php php 7.0.8
  • Php php 7.0.9
  • Php php 7.1.0
  • Php php 7.1.1
  • Php php 7.1.10
  • Php php 7.1.11
  • Php php 7.1.12
  • Php php 7.1.13
  • Php php 7.1.14
  • Php php 7.1.15
  • Php php 7.1.16
  • Php php 7.1.17
  • Php php 7.1.18
  • Php php 7.1.19
  • Php php 7.1.2
  • Php php 7.1.20
  • Php php 7.1.21
  • Php php 7.1.22
  • Php php 7.1.23
  • Php php 7.1.24
  • Php php 7.1.25
  • Php php 7.1.3
  • Php php 7.1.4
  • Php php 7.1.5
  • Php php 7.1.6
  • Php php 7.1.7
  • Php php 7.1.8
  • Php php 7.1.9
  • Php php 7.2.0
  • Php php 7.2.1
  • Php php 7.2.10
  • Php php 7.2.11
  • Php php 7.2.12
  • Php php 7.2.13
  • Php php 7.2.2
  • Php php 7.2.3
  • Php php 7.2.4
  • Php php 7.2.5
  • Php php 7.2.6
  • Php php 7.2.7
  • Php php 7.2.8
  • Php php 7.2.9
  • Php php 7.3.0
  • Php php 7.3.1

References

  • CVE: CVE-2019-9022
  • URL: https://bugs.php.net/bug.php?id=77369

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out