VYPR
Critical severity9.8OSV Advisory· Published Feb 22, 2019· Updated Jun 17, 2026

CVE-2019-9023

CVE-2019-9023

Description

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

74

Patches

Vulnerability mechanics

References

19

News mentions

0

No linked articles in our index yet.