CVE-2016-7134
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call.
We have discovered 2,122,717 live websites that are affected by CVE-2016-7134.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 2,122,717 live websites (24.32% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 258 versions ( 47.17% of all versions) |
Details
- Published - Sep 12, 2016
- Updated - Aug 6, 2024
CVE References
CVE-2016-7134 usage by Country
 United States | 527,388 websites |
 Russia | 238,261 websites |
 France | 159,390 websites |
 Germany | 150,273 websites |
 Japan | 125,782 websites |
 Taiwan | 113,294 websites |
 Netherlands | 85,765 websites |
 China | 75,987 websites |
 GB | 44,045 websites |
 Poland | 37,443 websites |
CVE-2016-7134 usage by TLD
| .com | 898,813 websites |
| .ru | 204,147 websites |
| .de | 92,434 websites |
| .net | 78,367 websites |
| .nl | 57,904 websites |
| .fr | 57,665 websites |
| .org | 57,018 websites |
| .jp | 33,584 websites |
| .pl | 31,312 websites |
| .co.uk | 30,968 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2016-7134
Top websites that are affected by CVE-2016-7134. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.org | China | *** | |
| *****.***********.com |  Canada | *** | |
| **********.com | United States | *** | |
| **********.com | United States | *** | |
| ************.***.ar |  Argentina | *,*** | |
| *****.ru | Russia | *,*** | |
| ********.*********.com |  Singapore | *,*** | |
| ******************.com | United States | *,*** | |
| ***.org | United States | *,*** | |
| *********.******.net | United States | *,*** |
FAQ
A total of 2,122,717 websites have been identified as vulnerable to CVE-2016-7134, discovered through global website indexing conducted by WebTechSurvey.
PHP is susceptible to CVE-2016-7134 vulnerability.
PHP versions before 7.0.10 are vulnerable to CVE-2016-7134.
Version 7.0.10 of PHP addresses the CVE-2016-7134 security vulnerability.
References
- http://www.php.net/ChangeLog-7.php
- https://security.gentoo.org/glsa/201611-22
- http://www.securitytracker.com/id/1036680
- https://bugs.php.net/bug.php?id=72674
- https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7?w=1
- http://www.securityfocus.com/bid/92766
- http://openwall.com/lists/oss-security/2016/09/02/9