CVE-2026-7568

CVE-2026-7568 concerns a signed integer overflow in PHP’s metaphone() implementation (ext/standard/metaphone.c). In affected releases (PHP 8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21, and 8.5.x before 8.5.6), the function uses a signed int to track the current input position. If...

PHP 缓冲区错误漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a buffer error vulnerability. This vulnerability stemmed from the use of the metaphone function, which used signed integer variables to track the current...