PHP Out-of-bounds Read Vulnerability - CVE-2019-9023

An issue was discovered in PHP before 5.6.40 7.x before 7.1.26 7.2.x before 7.2.14 and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c ext/mbstring/oniguruma/regexec.c ext/mbstring/oniguruma/regparse.c ext/mbstring/oniguruma/enc/unicode.c and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.