A flaw was found in PHP. The metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an out-of-bounds read. This issue can cause a denial of service.

This issue can be exploited by passing an excessively large string, exceeding 2,147,483,647 bytes, to the metaphone() function. This function is used for searching and matching words based on their phonetic sound. The large string can lead to a signed integer overflow that allows an attacker to cause an out-of-bounds read, resulting in a denial of service. Due to these reasons, this vulnerability has been rated with an important severity. To mitigate this vulnerability, validate the length of any user-controlled input before passing it to the metaphone() function. Also, verify the PHP and web server configuration to ensure memory limits and maximum request sizes are restricted to below ~2 GiB. Red Hat Enterprise Linux 10 2026-06-02T00:00:00Z RHSA-2026:22649 php8.4-0:8.4.21-1.el10_2 Red Hat Enterprise Linux 8 2026-06-01T00:00:00Z RHSA-2026:22305 php:8.2-8100020260521052503.f7998665 Red Hat Enterprise Linux 9 2026-06-01T00:00:00Z RHSA-2026:22142 php:8.3-9080020260521113736.9 Red Hat Enterprise Linux 9 2026-06-01T00:00:00Z RHSA-2026:22143 php:8.2-9080020260521080715.9 Red Hat Enterprise Linux 10 Affected php Red Hat Enterprise Linux 6 Not affected php Red Hat Enterprise Linux 7 Not affected php Red Hat Enterprise Linux 8 Not affected php:7.4/php Red Hat Enterprise Linux 9 Not affected php Red Hat Hardened Images Not affected php https://www.cve.org/CVERecord?id=CVE-2026-7568 https://nvd.nist.gov/vuln/detail/CVE-2026-7568 https://github.com/php/php-src/security/advisories/GHSA-96wq-48vp-hh57