Fluid Attacks Database

Description

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, causing a segmentation fault or access to unrelated memory, and may affect the availability of the PHP process.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	php8.2	=8.2.10-1 \|\| =8.2.10-2 \|\| =8.2.12-1 \|\| =8.2.16-1 \|\| =8.2.16-2 \|\| =8.2.17-1 \|\| =8.2.18-1 \|\| =8.2.18-1~deb12u1 \|\| =8.2.20-1~deb12u1 \|\| =8.2.20-2 \|\| =8.2.20-3 \|\| =8.2.21-1 \|\| =8.2.23-1 \|\| =8.2.24-1 \|\| =8.2.24-1~deb12u1 \|\| =8.2.26-1~deb12u1 \|\| =8.2.26-4 \|\| =8.2.27-1 \|\| =8.2.28-1~deb12u1 \|\| =8.2.29-1~deb12u1 \|\| =8.2.30-1~deb12u1 \|\| =8.2.5-2 \|\| =8.2.7-1 \|\| =8.2.7-1.1 \|\| =8.2.7-1.2 \|\| =8.2.7-1~deb12u1 \|\| >=0 <8.2.31-1~deb12u1	8.2.31-1~deb12u1
debian 11	php7.4	=7.4.21-1+deb11u1 \|\| =7.4.25-1+deb11u1 \|\| =7.4.26-1 \|\| =7.4.28-1+deb11u1 \|\| =7.4.30-1+deb11u1 \|\| =7.4.33-1+deb11u1 \|\| =7.4.33-1+deb11u10 \|\| =7.4.33-1+deb11u3 \|\| =7.4.33-1+deb11u4 \|\| =7.4.33-1+deb11u5 \|\| =7.4.33-1+deb11u6 \|\| =7.4.33-1+deb11u7 \|\| =7.4.33-1+deb11u8 \|\| =7.4.33-1+deb11u9 \|\| >=0 <7.4.33-1+deb11u11	7.4.33-1+deb11u11
debian 14	php8.4	=8.4.11-1 \|\| =8.4.16-1 \|\| =8.4.16-1~deb13u1 \|\| =8.4.20-1 \|\| =8.4.21-1~deb13u1 \|\| >=0 <8.4.21-1	8.4.21-1
debian 13	php8.4	=8.4.11-1 \|\| =8.4.16-1 \|\| =8.4.16-1~deb13u1 \|\| =8.4.20-1 \|\| >=0 <8.4.21-1~deb13u1	8.4.21-1~deb13u1
rpm rhel10	php	<0:8.3.31-1.el10_2	0:8.3.31-1.el10_2
rpm rhel8	php	<0:8.2.31-1.module+el8.10.0+24323+abc2b0db	0:8.2.31-1.module+el8.10.0+24323+abc2b0db
rpm rhel9	php	<0:8.2.31-1.module+el9.8.0+24325+74f58d38	0:8.2.31-1.module+el9.8.0+24325+74f58d38
rpm rhel10	php8.4	<0:8.4.21-1.el10_2	0:8.4.21-1.el10_2

Aliases

1. CVE-2026-75682. NVD-2026-75683. OSV-DEBIAN-2026-75684. OSV-2026-75685. SECURITY-TRACKER-CVE-2026-7568

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.