PHP · PHP · CVE-2016-7412
**Name of the Vulnerable Software and Affected Versions**
PHP versions prior to 5.6.26
PHP versions 7.x prior to 7.0.11
**Description**
The issue is caused by a failure to verify that a BIT field has the UNSIGNED_FLAG flag in the ext/mysqlnd/mysqlnd_wireprotocol.c component of PHP. This could allow remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have other unspecified impacts via crafted field metadata.
**Recommendations**
For PHP versions prior to 5.6.26, update to version 5.6.26 or later.
For PHP versions 7.x prior to 7.0.11, update to version 7.0.11 or later.
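
The following Python check is an added example, not part of the original advisory: it classifies PHP version strings (or `php -v` lines) against the two affected ranges listed above. The hostnames and versions in the sample inventory are constructed, and the `check-backport` status is this example's own convention for distribution builds, where a fix may have been backported without changing the upstream version number.

```python
import re

FIXED_5X = (5, 6, 26)  # advisory: versions prior to 5.6.26 are affected
FIXED_7X = (7, 0, 11)  # advisory: 7.x versions prior to 7.0.11 are affected
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([^\s()]*)")
PRERELEASE_RE = re.compile(r"^-?(rc|alpha|beta|dev)", re.IGNORECASE)

def parse_version(text):
    """Extract ((major, minor, patch), suffix) from a version string or `php -v` line."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no PHP version in {text!r}")
    return tuple(int(part) for part in match.group(1, 2, 3)), match.group(4)

def classify(text):
    """Return 'affected', 'check-backport' or 'not-affected' for one version string."""
    version, suffix = parse_version(text)
    prerelease = bool(PRERELEASE_RE.match(suffix))
    # A pre-release of a fixed version (e.g. 7.0.11RC1) still sorts before it.
    key = version + (0 if prerelease else 1,)
    in_range = key < FIXED_5X + (1,) or (7, 0, 0, 0) <= key < FIXED_7X + (1,)
    if not in_range:
        return "not-affected"
    # A distribution suffix means the fix may have been backported without
    # changing the upstream number, so the package changelog decides.
    if suffix and not prerelease:
        return "check-backport"
    return "affected"

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "web01": "PHP 5.6.25 (cli) (built: Aug 18 2016 10:00:00)",
    "web02": "5.6.26",
    "web03": "PHP 5.6.24-0+deb8u1 (cli)",
    "api01": "7.0.11RC1",
    "api02": "7.0.11",
    "api03": "7.1.0",
}

def scan(inventory):
    return {host: classify(version) for host, version in inventory.items()}

if __name__ == "__main__":
    for host, status in scan(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```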