Description
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.