High severity8.1NVD Advisory· Published Sep 12, 2016· Updated May 6, 2026
CVE-2016-7133
CVE-2016-7133
Description
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911nvdIssue TrackingPatch
- bugs.php.net/bug.phpnvdExploitIssue Tracking
- openwall.com/lists/oss-security/2016/09/02/9nvdMailing List
- www.php.net/ChangeLog-7.phpnvdRelease Notes
- www.securityfocus.com/bid/92765nvd
- security.gentoo.org/glsa/201611-22nvd
News mentions
0No linked articles in our index yet.