In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when user-controlled input can influence the encoding passed to mb_regex_encoding().
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | 8.2.0 (including) | 8.2.31 (excluding) |
| Php | Php | 8.3.0 (including) | 8.3.31 (excluding) |
| Php | Php | 8.4.0 (including) | 8.4.21 (excluding) |
| Php | Php | 8.5.0 (including) | 8.5.6 (excluding) |
| Red Hat Enterprise Linux 10 | RedHat | php-0:8.3.31-1.el10_2 | * |
| Php7.0 | Ubuntu | esm-infra/xenial | * |
| Php8.1 | Ubuntu | jammy | * |
| Php8.3 | Ubuntu | noble | * |
| Php8.3 | Ubuntu | upstream | * |
| Php8.4 | Ubuntu | questing | * |
| Php8.4 | Ubuntu | upstream | * |
| Php8.5 | Ubuntu | devel | * |
| Php8.5 | Ubuntu | resolute | * |
| Php8.5 | Ubuntu | upstream | * |