CVEs-PoC/2016/CVE-2016-7412.md at e7be3f24665f27f4f8a571f070ce04dfd1f54dc4

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-08 10:14:49 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.

POC

Reference

https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1
https://www.tenable.com/security/tns-2016-19

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/RClueX/Hackerone-Reports
https://github.com/imhunterand/hackerone-publicy-disclosed

963 B Raw Blame History

CVE-2016-7412

Description

POC

Reference

Github

963 B

Raw Blame History