go to bug id or search bugs for
Stefan Esser pointed out that the following commit fixes a heap-based buffer overflow in DNS TXT record parsing:
A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.
Add a Patch
Add a Pull Request
The fix for this bug has been committed.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.