PHP CURLFile denial of Service Vulnerability (CVE-2016-9137)


PHP is a widely used general-purpose scripting language, particularly suitable for Web development, can be embedded into the HTML.

PHP < 5.6.27, 7.x < 7.0.12 version, ext/curl/curl_file.c /CURLFile exists after the release of the use of security vulnerabilities, remote attackers through the construction of data, can cause denial of service.

PHP CURLFile denial of Service Vulnerability (CVE-2016-9137)
Release date: 2017-01-04
Update Date: 2017-01-05
Affected system:
PHP PHP < 5.6.27
PHP 7.x PHP < 7.0.12


Vendor patch:

At present, the vendor has released an upgrade patch to fix this security issue, please go to the vendor’s home page to download:

Share This: