CVE-2016-4071

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.5.34 PHP versions 5.6.x prior to 5.6.20 PHP versions 7.x prior to 7.0.5

Description The issue exists due to insufficient input validation in the php snmp error function. This allows a remote attacker to execute arbitrary code via format string specifiers in an SNMP::get call.

Recommendations For PHP versions prior to 5.5.34, update to version 5.5.34 or later. For PHP versions 5.6.x prior to 5.6.20, update to version 5.6.20 or later. For PHP versions 7.x prior to 7.0.5, update to version 7.0.5 or later. As a temporary workaround, consider restricting the use of the php snmp error function until a patch is available. Avoid using format string specifiers in SNMP::get calls until the issue is resolved.