A vulnerability in PHP could allow an unauthenticated, remote attacker to completely compromise a targeted system.
The vulnerability exists in the mb_split() function, as defined in the ext/mbstring/php_mbregex.c source code file, and is due to improper memory operations that are performed by the affected software when handling an invalid multibyte string supplied as an argument. An attacker could exploit the vulnerability to cause PHP to execute the memcpy() function with a negative argument on the targeted system. A successful exploit could cause buffer over-read and over-write conditions, which could allow the attacker to completely compromise the targeted system.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
PHP has confirmed the vulnerability and released software updates.