Description
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, causing a segmentation fault or access to unrelated memory, and may affect the availability of the PHP process.
Published: 2026-05-10
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Signed integer overflow occurs in PHP's metaphone() when a string longer than 2,147,483,647 bytes is passed. The signed int tracking the current position overflows, causing undefined behavior that can lead to an out‑of‑bounds read. This may trigger a segmentation fault or read unrelated memory, resulting in the PHP process crashing and its availability being compromised.

Affected Systems

PHP Group: PHP versions 8.2.x prior to 8.2.31, 8.3.x prior to 8.3.31, 8.4.x prior to 8.4.21, and 8.5.x prior to 8.5.6.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker could trigger the overflow by supplying a very long string to metaphone() in a PHP application. The CVE does not explicitly state how the function is exposed, but it is inferred that applications processing user‑supplied data may provide a network‑exposed entry point, making the attack potentially reachable over the network. The result is a segmentation fault that crashes the PHP process, denying service and impacting availability, though neither confidentiality nor integrity is compromised.

Generated by OpenCVE AI on May 10, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PHP to the patched version (8.2.31 or later, 8.3.31 or later, 8.4.21 or later, 8.5.6 or later).
  • If an upgrade is not feasible, ensure that input to metaphone() is validated to be less than 2,147,483,647 bytes.
  • Monitor PHP processes for crashes and apply runtime monitoring tools to detect segmentation faults promptly.

Generated by OpenCVE AI on May 10, 2026 at 05:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4586-1 php7.4 security update
Debian DSA Debian DSA DSA-6255-1 php8.2 security update
Debian DSA Debian DSA DSA-6256-1 php8.4 security update
Ubuntu USN Ubuntu USN USN-8336-1 PHP vulnerabilities
History

Wed, 27 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 12 May 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Php
Php php
CPEs cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Vendors & Products Php
Php php
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 10 May 2026 05:45:00 +0000

Type Values Removed Values Added
First Time appeared Php Group
Php Group php
Vendors & Products Php Group
Php Group php

Sun, 10 May 2026 04:45:00 +0000

Type Values Removed Values Added
Description In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, causing a segmentation fault or access to unrelated memory, and may affect the availability of the PHP process.
Title Signed integer overflow in metaphone()
Weaknesses CWE-125
CWE-190
References
Metrics cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/RE:L/U:Amber'}

Subscriptions

Php Php
Php Group Php
cve-icon MITRE

Status: PUBLISHED

Assigner: php

Published:

Updated: 2026-05-11T13:25:17.197Z

Reserved: 2026-04-30T21:08:49.047Z

Link: CVE-2026-7568

cve-icon Vulnrichment

Updated: 2026-05-11T13:25:13.832Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-10T05:16:11.920

Modified: 2026-05-12T17:38:55.947

Link: CVE-2026-7568

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-10T03:42:36Z

Links: CVE-2026-7568 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T06:00:06Z

Weaknesses