Fortinet Discovers Multiple PHP 'Regular Expression' Parsing Memory Corruption Vulnerabilities
Fortinet's FortiGuard Labs has discovered multiple memory corruption vulnerabilities in the PHP scripting language.
PHP is a popular general-purpose scripting language that is especially suited to web development.
These vulnerabilities are caused by incorrect handling of specially crafted regular expressions. Attackers could exploit them by passing a crafted regular expression to regex functions such as preg_match().
Solutions
Users should apply the solution provided by PHP.
The vulnerabilities actually exist in the third-party PCRE library incorporated into PHP. PCRE library version 8.37 has fixed them.
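One way to check the PCRE version a PHP build reports against the fixed release named above. This is an added example, not part of the Fortinet advisory: the function name `pcre_status` and its status labels are assumptions, while `PCRE_VERSION` is PHP's built-in constant.

```shell
#!/bin/sh
# Added example (not from the advisory): classify the PCRE version string that
# PHP exposes through its PCRE_VERSION constant, e.g. "8.36 2014-09-26".
# pcre_status and its labels are hypothetical names chosen for this example.
FIXED_MAJOR=8    # the advisory names PCRE 8.37 as the fixed release
FIXED_MINOR=37

# pcre_status "<version string>" prints one of:
#   has-fix       8.x at or above 8.37
#   predates-fix  older than 8.37 (vendor packages may still carry a backported patch)
#   other-line    major version above 8 (PCRE2 10.x), which the advisory does not cover
#   unknown       string could not be parsed
pcre_status() {
    ver=${1%% *}                        # drop the release date: "8.36 2014-09-26" -> "8.36"
    case "$ver" in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    minor=${ver#*.}
    minor=${minor%%[!0-9]*}             # keep leading digits only: "37-RC1" -> "37"
    case "$major" in *[!0-9]*) echo unknown; return 0 ;; esac
    case "$minor" in '') echo unknown; return 0 ;; esac
    minor=${minor#0}                    # "02" -> "2" so the numeric test is unambiguous
    minor=${minor:-0}
    if [ "$major" -gt "$FIXED_MAJOR" ]; then
        echo other-line
    elif [ "$major" -lt "$FIXED_MAJOR" ] || [ "$minor" -lt "$FIXED_MINOR" ]; then
        echo predates-fix
    else
        echo has-fix
    fi
}

# Report on the local PHP CLI, if one is installed.
if command -v php >/dev/null 2>&1; then
    v=$(php -r 'echo PCRE_VERSION;')
    echo "PHP reports PCRE $v: $(pcre_status "$v")"
fi
```

The PHP CLI and the web server's PHP module can be separate builds linked against different PCRE copies, so run the check against each runtime that serves traffic.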
This vulnerability was discovered by Kai Lu of Fortinet's FortiGuard Labs.