New PHP Vulnerability
Recently, a critical vulnerability was discovered in PHP, specifically with the iconv function in the GNU C library versions 2.39 and older. This function is used to switch between different language encodings. The vulnerability takes advantage of language encoding escape sequences to trigger a buffer overflow, allowing memory to be read and written outside of the intended memory area. Security researcher Charles Fol discovered that this could be used for remote code execution. The vulnerability is over 24 years old. Although it has been patched in newer versions of glibc, the default version included with PHP has not been patched. The specifics of how to perform remote code execution have not been published yet, but Charles Fol has plans to publish them soon. Users of PHP are advised to update to the latest glibc as soon as they can.