Description
In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.0.x Denial of Service (3.0.0 - 3.0.3)
Oracle Database Server CVE-2009-1020 Vulnerability (CVE-2009-1020)
MySQL CVE-2017-3320 Vulnerability (CVE-2017-3320)
WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (7.8.9)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15099)