Description

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.

Remediation

References

CVE-2016-7412

Related Vulnerabilities

MySQL CVE-2018-2782 Vulnerability (CVE-2018-2782)

MySQL CVE-2019-2528 Vulnerability (CVE-2019-2528)

Oracle Application Server CVE-2006-3713 Vulnerability (CVE-2006-3713)

PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19594)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Scripting (1.6.4)

Severity

High

Classification

CVE-2016-7412 CWE-119 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities