CVEs-PoC/2016/CVE-2016-7412.md

### [CVE-2016-7412](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.

### POC

#### Reference
- https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1
- https://www.tenable.com/security/tns-2016-19

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/RClueX/Hackerone-Reports
- https://github.com/imhunterand/hackerone-publicy-disclosed