PHP · PHP · CVE-2016-9936
**Name of the Vulnerable Software and Affected Versions**
PHP versions prior to 7.0.14
**Description**
The `unserialize()` implementation in PHP contains a use-after-free: while processing crafted serialized data, memory is used after it has been freed. Remote attackers can exploit this to cause a denial of service or possibly have other unspecified impact. The vulnerability exists because of an incomplete fix for a previous issue.
**Recommendations**
For PHP versions prior to 7.0.14, update to version 7.0.14 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `unserialize()` function until a patch is applied. In the affected API endpoints, avoid accepting serialized data from untrusted sources until the issue is resolved.
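
One way to apply the workaround where `unserialize()` cannot be removed outright is to authenticate the data before it is parsed, so that only blobs produced by the application itself ever reach the unserializer. This is an added example, not code from the advisory or from the PHP project; the function names `pack_signed` and `unpack_signed`, the blob layout and the key handling are assumptions.

```php
<?php
// Added example. Function names, blob layout and key handling are assumptions.
declare(strict_types=1);

/**
 * Serialize a value and prepend an HMAC-SHA256 tag, so that only data
 * produced with $key is ever handed to unserialize() later.
 */
function pack_signed($value, string $key): string
{
    $payload = serialize($value);
    $tag = hash_hmac('sha256', $payload, $key, true); // 32 raw bytes
    return base64_encode($tag . $payload);
}

/**
 * Verify the tag first; unserialize() is reached only for authentic input.
 * Throws on anything that was not signed with $key.
 */
function unpack_signed(string $blob, string $key)
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) <= 32) {
        throw new InvalidArgumentException('malformed blob');
    }
    $tag = substr($raw, 0, 32);
    $payload = substr($raw, 32);
    $expected = hash_hmac('sha256', $payload, $key, true);
    if (!hash_equals($expected, $tag)) { // constant-time comparison
        throw new RuntimeException('signature mismatch; input rejected before unserialize()');
    }
    // allowed_classes => false (PHP 7.0+): no application classes are instantiated.
    return unserialize($payload, ['allowed_classes' => false]);
}

// Constructed demo values.
$key = random_bytes(32); // in practice: a stable secret kept outside the web root
$blob = pack_signed(['user' => 'alice', 'roles' => ['editor']], $key);
var_dump(unpack_signed($blob, $key));

// A blob without a valid tag never reaches the unserializer.
$tampered = base64_encode(str_repeat("\0", 32) . 'a:1:{i:0;i:1;}');
try {
    unpack_signed($tampered, $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

This only narrows who can supply input to `unserialize()`; the update to 7.0.14 or later is still what resolves the issue.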