ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.
{ "vanir_signatures": [ { "id": "CVE-2016-7412-3762bf47", "signature_type": "Line", "target": { "file": "ext/mysqlnd/mysqlnd_wireprotocol.c" }, "digest": { "line_hashes": [ "249684498042240104919474913087959312133", "294106856008990921454682331070541347290", "291790975272401864220714640723204659645", "182463667427846090686334541930162249051", "23221408885960602770248951632829372883", "102519181322775604896206692251875183170", "217819109308750851380110347289940526217", "229437743912094742651351551469076772872" ], "threshold": 0.9 }, "source": "https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132", "signature_version": "v1", "deprecated": false } ] }