CVE-2026-7568
Received Received - Intake
Integer Overflow in PHP Metaphone Function

Publication date: 2026-05-10

Last updated on: 2026-05-10

Assigner: PHP Group

Description
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, causing a segmentation fault or access to unrelated memory, and may affect the availability of the PHP process.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-10
Last Modified
2026-05-10
Generated
2026-06-19
AI Q&A
2026-05-10
EPSS Evaluated
2026-06-18
NVD
CVE-2026-7568
EUVD
EUVD-2026-28972
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
php php to 8.2.31 (exc)
php php to 8.3.31 (exc)
php php to 8.4.21 (exc)
php php to 8.5.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7568 is a vulnerability in PHP's metaphone() function, which is used for phonetic word matching. The issue arises because the function uses a signed integer variable to track the current position within the input string.

If an input string longer than 2,147,483,647 bytes is passed, this signed integer overflows, causing undefined behavior. This overflow can cause the integer to wrap around to a negative value, leading to out-of-bounds reads.

As a result, this can cause a segmentation fault or access to unrelated memory, potentially affecting the stability and availability of the PHP process.

Impact Analysis

This vulnerability can impact you by causing the PHP process to crash or behave unpredictably when processing extremely large input strings with the metaphone() function.

Such crashes or memory access violations can lead to denial of service, affecting the availability of applications relying on PHP.

Detection Guidance

This vulnerability occurs when the metaphone() function in PHP processes an input string longer than 2,147,483,647 bytes, causing a signed integer overflow. Detection involves checking the PHP version and monitoring for crashes or segmentation faults related to the metaphone() function.

You can detect vulnerable PHP versions by running the following command to check the installed PHP version:

  • php -v

To detect if the vulnerability is being triggered, monitor PHP error logs for segmentation faults or crashes related to metaphone(). Additionally, you can test the function by passing a very large string (larger than 2,147,483,647 bytes) to metaphone() in a controlled environment to see if it causes a crash.

Mitigation Strategies

The primary mitigation step is to upgrade PHP to a patched version where this vulnerability is fixed. Specifically, upgrade to PHP versions 8.2.31 or later, 8.3.31 or later, 8.4.21 or later, or 8.5.6 or later.

Until the upgrade can be performed, avoid processing extremely large input strings with the metaphone() function to prevent triggering the integer overflow.

Additionally, monitor your PHP processes for crashes and consider implementing input validation or size limits on strings passed to metaphone() to reduce risk.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7568. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart