CVE-2016-4538

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.5.35 PHP versions 5.6.x prior to 5.6.21 PHP versions 7.x prior to 7.0.6

Description The issue exists due to insufficient input validation in the bcpowmod function of the PHP interpreter. This can be exploited by a remote attacker to cause a denial of service or possibly have other unspecified impacts via a specially crafted call. The bcpowmod function modifies certain data structures without considering whether they are copies of the global variables.

Recommendations For PHP versions prior to 5.5.35, update to version 5.5.35 or later. For PHP versions 5.6.x prior to 5.6.21, update to version 5.6.21 or later. For PHP versions 7.x prior to 7.0.6, update to version 7.0.6 or later.