CVE-2016-4540

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.5.35 PHP versions 5.6.x prior to 5.6.21 PHP versions 7.x prior to 7.0.6

Description The issue is related to the grapheme stripos function in PHP, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have other impacts via a negative offset. This is due to a buffer overflow vulnerability in the grapheme string.c file.

Recommendations For PHP versions prior to 5.5.35, update to version 5.5.35 or later. For PHP versions 5.6.x prior to 5.6.21, update to version 5.6.21 or later. For PHP versions 7.x prior to 7.0.6, update to version 7.0.6 or later. As a temporary workaround, consider restricting access to the grapheme stripos function until a patch is available.