CVE-2026-7568
Integer Overflow in PHP Metaphone Function
Publication date: 2026-05-10
Last updated on: 2026-05-10
Assigner: PHP Group
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| php | php | to 8.2.31 (exc) |
| php | php | to 8.3.31 (exc) |
| php | php | to 8.4.21 (exc) |
| php | php | to 8.5.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7568 is a vulnerability in PHP's metaphone() function, which is used for phonetic word matching. The issue arises because the function uses a signed integer variable to track the current position within the input string.
If an input string longer than 2,147,483,647 bytes is passed, this signed integer overflows, causing undefined behavior. This overflow can cause the integer to wrap around to a negative value, leading to out-of-bounds reads.
As a result, this can cause a segmentation fault or access to unrelated memory, potentially affecting the stability and availability of the PHP process.
How can this vulnerability impact me? :
This vulnerability can impact you by causing the PHP process to crash or behave unpredictably when processing extremely large input strings with the metaphone() function.
Such crashes or memory access violations can lead to denial of service, affecting the availability of applications relying on PHP.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when the metaphone() function in PHP processes an input string longer than 2,147,483,647 bytes, causing a signed integer overflow. Detection involves checking the PHP version and monitoring for crashes or segmentation faults related to the metaphone() function.
You can detect vulnerable PHP versions by running the following command to check the installed PHP version:
- php -v
To detect if the vulnerability is being triggered, monitor PHP error logs for segmentation faults or crashes related to metaphone(). Additionally, you can test the function by passing a very large string (larger than 2,147,483,647 bytes) to metaphone() in a controlled environment to see if it causes a crash.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade PHP to a patched version where this vulnerability is fixed. Specifically, upgrade to PHP versions 8.2.31 or later, 8.3.31 or later, 8.4.21 or later, or 8.5.6 or later.
Until the upgrade can be performed, avoid processing extremely large input strings with the metaphone() function to prevent triggering the integer overflow.
Additionally, monitor your PHP processes for crashes and consider implementing input validation or size limits on strings passed to metaphone() to reduce risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.