Description
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when user-controlled input can influence the encoding passed to mb_regex_encoding().
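The exploitable condition described above is user input reaching mb_regex_encoding(). The following PHP sketch is an added example, not code from PHP or from this advisory. It maps a request value onto a fixed allowlist so the raw string is never passed through. The helper names, the allowlist contents and the sample inputs are assumptions made for illustration, and the mbstring extension is assumed to be loaded.

```php
<?php
declare(strict_types=1);

// Constructed allowlist: encodings this hypothetical application needs.
// Keys are normalized request values; values are the literals given to mbstring.
const REGEX_ENCODINGS = [
    'utf-8'  => 'UTF-8',
    'utf8'   => 'UTF-8',
    'euc-jp' => 'EUC-JP',
    'sjis'   => 'SJIS',
];

/**
 * Hypothetical helper: map an untrusted encoding name onto the allowlist.
 * Returns the canonical literal, or null when the name is not allowlisted.
 */
function resolveRegexEncoding(mixed $requested): ?string
{
    // Reject non-strings (e.g. ?enc[]=x arrays) and oversized values early.
    if (!is_string($requested) || strlen($requested) > 32) {
        return null;
    }
    $key = strtolower(trim($requested));
    return REGEX_ENCODINGS[$key] ?? null;
}

/**
 * Set the mbregex encoding from untrusted input without ever handing the
 * raw string to mb_regex_encoding(). Falls back to UTF-8 when rejected.
 */
function setRegexEncodingFromRequest(mixed $requested): string
{
    $encoding = resolveRegexEncoding($requested);
    if ($encoding === null) {
        // Log only the type, so attacker-controlled bytes never reach the log.
        error_log('rejected mb_regex_encoding value of type ' . get_debug_type($requested));
        $encoding = 'UTF-8';
    }
    mb_regex_encoding($encoding); // only allowlisted literals reach this call
    return $encoding;
}

// Constructed sample inputs, as they might arrive in a query parameter.
foreach (['UTF-8', ' sjis ', 'not-an-encoding', ['array'], str_repeat('A', 100)] as $input) {
    echo json_encode($input), ' => ', setRegexEncodingFromRequest($input), PHP_EOL;
}
```

The rejected-value log line is also a useful detection signal: repeated rejections from one client indicate probing of the encoding parameter.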
Mitigation
Apply the minimal update to a fixed version. The update may introduce new vulnerabilities or breaking changes.
 debian 12 | | =8.2.10-1 || =8.2.10-2 || =8.2.12-1 || =8.2.16-1 || =8.2.16-2 || =8.2.17-1 || =8.2.18-1 || =8.2.18-1~deb12u1 || =8.2.20-1~deb12u1 || =8.2.20-2 || =8.2.20-3 || =8.2.21-1 || =8.2.23-1 || =8.2.24-1 || =8.2.24-1~deb12u1 || =8.2.26-1~deb12u1 || =8.2.26-4 || =8.2.27-1 || =8.2.28-1~deb12u1 || =8.2.29-1~deb12u1 || =8.2.30-1~deb12u1 || =8.2.5-2 || =8.2.7-1 || =8.2.7-1.1 || =8.2.7-1.2 || =8.2.7-1~deb12u1 || >=0 <8.2.31-1~deb12u1 | 8.2.31-1~deb12u1 |
 debian 13 | | =8.4.11-1 || =8.4.16-1 || =8.4.16-1~deb13u1 || =8.4.20-1 || >=0 <8.4.21-1~deb13u1 | 8.4.21-1~deb13u1 |
 debian 14 | | =8.4.11-1 || =8.4.16-1 || =8.4.16-1~deb13u1 || =8.4.20-1 || =8.4.21-1~deb13u1 || >=0 <8.4.21-1 | 8.4.21-1 |
 rpm rhel10 | | | 0:8.3.31-1.el10_2 |
 rpm rhel8 | | - | - |
 rpm rhel9 | | - | - |
 rpm rhel10 | | - | - |