Description
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.
Remediation
References