CVE-2026-7258— Out-of-bounds read in urldecode() on NetBSD
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-7258
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Out-of-bounds read in urldecode() on NetBSD
Source: NVD (National Vulnerability Database)
Vulnerability Description
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can lead to accessing array with negative offset, which can trigger a denial of service.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-7258
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-7258
请登录查看更多情报信息。
Same Patch Batch · PHP Group · 2026-05-10 · 10 CVEs total
| CVE-2026-7262 | NULL pointer dereference in SOAP apache:Map decoder with missing <value> | |
| CVE-2026-7261 | SoapServer session-persisted object use-after-free via SOAP header fault | |
| CVE-2026-7259 | Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() | |
| CVE-2026-7568 | Signed integer overflow in metaphone() | |
| CVE-2026-6722 | Use-After-Free in SOAP using Apache map | |
| CVE-2026-6735 | XSS within PHP-FPM status endpoint | |
| CVE-2025-14179 | SQL injection in pdo_firebird via NUL bytes in quoted strings | |
| CVE-2026-7263 | DoS attack via DOMNode::C14N() | |
| CVE-2026-6104 | Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding |
IV. Related Vulnerabilities
Same product: PHP
- CVE-2026-7263
DoS attack via DOMNode::C14N() - CVE-2026-6104
Global buffer over-read in mb_convert_encoding() with attack - CVE-2026-6722
Use-After-Free in SOAP using Apache map - CVE-2026-7259
Null pointer dereference in php_mb_check_encoding() via mb_e - CVE-2026-7261
SoapServer session-persisted object use-after-free via SOAP
Same vendor: PHP Group
- CVE-2026-7263
DoS attack via DOMNode::C14N() - CVE-2026-6104
Global buffer over-read in mb_convert_encoding() with attack - CVE-2026-6722
Use-After-Free in SOAP using Apache map - CVE-2026-7259
Null pointer dereference in php_mb_check_encoding() via mb_e - CVE-2026-7261
SoapServer session-persisted object use-after-free via SOAP
Same weakness: CWE-125
- CVE-2026-8177
XML::LibXML versions through 2.0210 for Perl read out-of-bou - CVE-2026-6104
Global buffer over-read in mb_convert_encoding() with attack - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out- - CVE-2026-3508
ASUS System Control Interface 缓冲区错误漏洞 - CVE-2026-8088
OSGeo gdal GDapi.c GDfieldinfo out-of-bounds
V. Comments for CVE-2026-7258
No comments yet