Vulnerability identifier: #VU524
Vulnerability risk: High
Exploitation vector: Local
Exploit availability: No
Vendor: PHP Group
The vulnerability allows a remote or local user to cause arbitrary code execution on the target system.
The weakness is caused by heap overflow during handling of BIT fields in mysqlnd that allows a malicious user to execute arbitrary code.
Successful explotation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Vulnerable software versions
PHP: 5.6.26, 7.0.11
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?