Shaanan Cohney

**Name of the Vulnerable Software and Affected Versions** PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 **Description** A mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, which results in a segmentation fault and denial of service. This occurs when user-controlled input influences the encoding passed to the `mb regex encoding()` function. **Recommendations** Update to version 8.2.31 or later. Update to version 8.3.31 or later. Update to version 8.4.21 or later. Update to version 8.5.6 or later. As a temporary workaround, restrict user-controlled input from influencing the encoding passed to the `mb regex encoding()` function.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue is related to the lack of protection for internal data in the Tcl component of the operating system. It can be exploited by a remote attacker to obtain sensitive information by leveraging SSLv2 support. **Recommendations** For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue. As a temporary workaround, consider disabling SSLv2 support to minimize the risk of exploitation.