php: buffer overflow on bad DNS TXT records (CVE-2014-4049)
PHP heap-based buffer overflow in DNS TXT record parsing. `dlen` can be small but then the chunk length could exceed it and overrun the buffer.
An example site with this bug is berlin.polemb.net running this code:
$types = array(‘AAAA’ =>1, ‘A’ =>1);
$records = dns_get_record(“berlin.polemb.net”,
DNS_A | DNS_TXT | DNS_AAAA | DNS_CNAME,
(from redmine: issue id 3067, created on 2014-06-20, closed on 2014-06-24)