ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.
{ "vanir_signatures": [ { "target": { "function": "PHP_FUNCTION", "file": "ext/curl/interface.c" }, "signature_type": "Function", "id": "CVE-2016-7134-963245d6", "digest": { "function_hash": "227528518145986743866062786954349080389", "length": 485.0 }, "signature_version": "v1", "source": "https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7", "deprecated": false }, { "target": { "function": "PHP_FUNCTION", "file": "ext/curl/interface.c" }, "signature_type": "Function", "id": "CVE-2016-7134-b420cec9", "digest": { "function_hash": "184380690513653864814768737943733668699", "length": 419.0 }, "signature_version": "v1", "source": "https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7", "deprecated": false }, { "target": { "file": "ext/curl/interface.c" }, "signature_type": "Line", "id": "CVE-2016-7134-b78da87e", "digest": { "threshold": 0.9, "line_hashes": [ "335787309558971530386158521091974235944", "59168245641041532536797173049677161686", "170355232463213619986421451949240296569", "323272686444899214637338609833576987879", "230973073276262990912696048641882976157", "298474625450453199991691042508450365921", "46581261744944443022068226888566926896", "182149807505015830507255396834038439832", "187567355692959817030279297524340235862", "329201391369088865734968587245595121480", "215314933792689006791172564644187737241" ] }, "signature_version": "v1", "source": "https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7", "deprecated": false } ] }