CVE-2026-7568

🗓️ 10 May 2026 05:16:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 4 Views

PHP metaphone may overflow a signed int for strings over 2147483647 bytes, causing segmentation faults.

Reporter	Title	Published	Views	Family All 130
ATTACKERKB	CVE-2026-7568	10 May 202603:42	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2026-1726)	26 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2026-1727)	26 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2026-1728)	27 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.5, php8.5-bcmath, php8.5-cli (ALAS2023-2026-1733)	27 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2026-011 (ALASPHP8.2-2026-011)	27 May 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : php:8.3 (ALSA-2026:22142)	2 Jun 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : php:8.2 (ALSA-2026:22143)	2 Jun 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : php:8.2 (ALSA-2026:22305)	2 Jun 202600:00	–	nessus
Tenable Nessus	Debian dla-4586 : libapache2-mod-php7.4 - security update	15 May 202600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	14.04	any	php5	0	php5_0_any.deb
Ubuntu	16.04	any	php7.0	0	php7.0_0_any.deb
Ubuntu	18.04	any	php7.2	0	php7.2_0_any.deb
Ubuntu	20.04	any	php7.4	0	php7.4_0_any.deb
Ubuntu	22.04	any	php8.1	0	php8.1_0_any.deb
Ubuntu	24.04	any	php8.3	0	php8.3_0_any.deb
Ubuntu	25.10	any	php8.4	0	php8.4_0_any.deb
Ubuntu	26.04	any	php8.5	0	php8.5_0_any.deb

Source	Link
cve	www.cve.org/CVERecord
github	www.github.com/php/php-src/security/advisories/GHSA-96wq-48vp-hh57

27 May 2026 17:48Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.5

CVSS 46.3

EPSS0.00055

SSVC

metaphone function signed integer overflow two billion strings segmentation fault out of memory