Launchpad.net

CVE 2016-7412

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.

Related bugs and status

CVE-2016-7412 (Candidate) is related to these bugs:

Bug #1641211: Please merge php7.0 7.0.12-2 from Debian unstable

Summary				In	Importance	Status
	1641211	Please merge php7.0 7.0.12-2 from Debian unstable		php7.0 (Ubuntu)	Undecided	Fix Released

Bug #1645431: [SRU] microrelease exception for src:php7.0 (7.0.13)

		In	Importance	Status
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu)	Medium	Fix Released
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu Yakkety)	Medium	Fix Released
1645431	[SRU] microrelease exception for src:php7.0 (7.0.13)	php7.0 (Ubuntu Xenial)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-7412

Related bugs and status

Related bugs

References