Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7412)

Description

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.

Remediation

References

Related Vulnerabilities

WebLogic CVE-2017-10137 Vulnerability (CVE-2017-10137)

WordPress Plugin VaultPress Remote Code Execution (1.9.0)

SharePoint CVE-2022-44693 Vulnerability (CVE-2022-44693)

Apache HTTP Server Other Vulnerability (CVE-2010-0408)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-7061)

Severity

High

Classification

CVE-2016-7412 CWE-119 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities