diff --git a/NEWS b/NEWS
index e577e05e1dc..153cb583e9c 100644
--- a/NEWS
+++ b/NEWS
@@ -42,6 +42,10 @@ PHP                                                                        NEWS
   . Added warning to log when fpm socket was not registered on the expected
     path. (Joshua Behrens, Jakub Zelenka)
 
+- Hash:
+  . Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options
+    parameter in signature. (ilutov)
+
 - Intl:
   . Fix memory leak in MessageFormatter::format() on failure. (Girgias)
 
diff --git a/ext/hash/hash.c b/ext/hash/hash.c
index 14da238b264..5818901a765 100644
--- a/ext/hash/hash.c
+++ b/ext/hash/hash.c
@@ -993,7 +993,7 @@ PHP_FUNCTION(hash_pbkdf2)
 	bool raw_output = 0;
 	const php_hash_ops *ops;
 	void *context;
-	HashTable *args;
+	HashTable *args = NULL;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "Sssl|lbh", &algo, &pass, &pass_len, &salt, &salt_len, &iterations, &length, &raw_output, &args) == FAILURE) {
 		RETURN_THROWS();
diff --git a/ext/hash/hash.stub.php b/ext/hash/hash.stub.php
index e0439c67bf2..e6368e48719 100644
--- a/ext/hash/hash.stub.php
+++ b/ext/hash/hash.stub.php
@@ -60,7 +60,7 @@ function hash_hmac_algos(): array {}
 /**
  * @refcount 1
  */
-function hash_pbkdf2(string $algo, #[\SensitiveParameter] string $password, string $salt, int $iterations, int $length = 0, bool $binary = false): string {}
+function hash_pbkdf2(string $algo, #[\SensitiveParameter] string $password, string $salt, int $iterations, int $length = 0, bool $binary = false, array $options = []): string {}
 
 function hash_equals(#[\SensitiveParameter] string $known_string, #[\SensitiveParameter] string $user_string): bool {}
 
diff --git a/ext/hash/hash_arginfo.h b/ext/hash/hash_arginfo.h
index d52a5979cb1..c6886d2d28e 100644
--- a/ext/hash/hash_arginfo.h
+++ b/ext/hash/hash_arginfo.h
@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 8838801d9789d4b77d57b290d993ee37784bbd1f */
+ * Stub hash: f4531ebc6817042a2729c3dd1502631656c29f05 */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_hash, 0, 2, IS_STRING, 0)
 	ZEND_ARG_TYPE_INFO(0, algo, IS_STRING, 0)
@@ -74,6 +74,7 @@ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_hash_pbkdf2, 0, 4, IS_STRING, 0)
 	ZEND_ARG_TYPE_INFO(0, iterations, IS_LONG, 0)
 	ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, length, IS_LONG, 0, "0")
 	ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, binary, _IS_BOOL, 0, "false")
+	ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, options, IS_ARRAY, 0, "[]")
 ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_hash_equals, 0, 2, _IS_BOOL, 0)