CVE-2016-7134

Name	CVE-2016-7134
Description	ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
php5	source	(unstable)	(not affected)
php7.0	source	(unstable)	7.0.10-1

Notes

- php5 <not-affected> (Only affects PHP 7)
PHP Bug: https://bugs.php.net/bug.php?id=72674
Fixed in 7.0.10
https://www.openwall.com/lists/oss-security/2016/09/02/5
https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7?w=1