PHP is vulnerable to out-of-bounds reads. The vulnerability exists in match_at() during regular expression searching because of a logical error involving order of validation and access in match_at().
www.securityfocus.com/bid/101244
access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.1_release_notes/chap-rhscl#sect-RHSCL-Changes-php
access.redhat.com/errata/RHSA-2018:1296
access.redhat.com/security/updates/classification/#moderate
github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
github.com/kkos/oniguruma/issues/57