Description
An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.
Remediation
References
Related Vulnerabilities
WordPress Plugin Restaurant Menu by MotoPress Cross-Site Scripting (2.4.1)
Moodle Improper Input Validation Vulnerability (CVE-2022-35650)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.13)
WordPress Plugin Autoptimize Multiple Vulnerabilities (2.1.0)
Nexus Repository Manager Incorrect Authorization Vulnerability (CVE-2018-16620)