ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow. This allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.
[
{
"digest": {
"function_hash": "227528518145986743866062786954349080389",
"length": 485.0
},
"id": "CVE-2016-7134-963245d6",
"source": "https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "PHP_FUNCTION",
"file": "ext/curl/interface.c"
},
"signature_type": "Function"
},
{
"digest": {
"function_hash": "184380690513653864814768737943733668699",
"length": 419.0
},
"id": "CVE-2016-7134-b420cec9",
"source": "https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "PHP_FUNCTION",
"file": "ext/curl/interface.c"
},
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"335787309558971530386158521091974235944",
"59168245641041532536797173049677161686",
"170355232463213619986421451949240296569",
"323272686444899214637338609833576987879",
"230973073276262990912696048641882976157",
"298474625450453199991691042508450365921",
"46581261744944443022068226888566926896",
"182149807505015830507255396834038439832",
"187567355692959817030279297524340235862",
"329201391369088865734968587245595121480",
"215314933792689006791172564644187737241"
],
"threshold": 0.9
},
"id": "CVE-2016-7134-b78da87e",
"source": "https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "ext/curl/interface.c"
},
"signature_type": "Line"
}
]