Description
An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.
Remediation
References
Related Vulnerabilities
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.5)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4030)
WordPress Plugin MapPress Maps for WordPress Security Bypass (2.54.5)