CVE-2016-7134
CVSS 9.8 - CRITICAL
Description
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.
Affected Products
10| Vendor | Product | Version |
|---|---|---|
| php | php |
7.0.0
|
| php | php |
7.0.1
|
| php | php |
7.0.2
|
| php | php |
7.0.3
|
| php | php |
7.0.4
|
| php | php |
7.0.5
|
| php | php |
7.0.6
|
| php | php |
7.0.7
|
| php | php |
7.0.8
|
| php | php |
7.0.9
|
References
Weakness Types
CWE-119
CVE Information
- CVE ID:
CVE-2016-7134- Published:
- 2016-09-12
- Modified:
- 2026-05-06
- CVSS Score:
- 9.8
- Severity:
- CRITICAL
- Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Vendors
php
Quick Actions
CVSS Severity Scale
0.0 - 3.9
LOW
4.0 - 6.9
MEDIUM
7.0 - 8.9
HIGH
9.0 - 10.0
CRITICAL