Fedora Account System
Red Hat Associate
Red Hat Customer
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when user-controlled input can influence the encoding passed to mb_regex_encoding().
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:23388 https://access.redhat.com/errata/RHSA-2026:23388
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:33449 https://access.redhat.com/errata/RHSA-2026:33449