PHP · PHP · CVE-2026-7259
**Name of the Vulnerable Software and Affected Versions**
PHP versions 8.2.0 through 8.2.30
PHP versions 8.3.0 through 8.3.30
PHP versions 8.4.0 through 8.4.20
PHP versions 8.5.0 through 8.5.5
**Description**
A mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, which results in a segmentation fault and denial of service. This occurs when user-controlled input influences the encoding passed to the `mb_regex_encoding()` function.
**Recommendations**
Update to version 8.2.31 or later.
Update to version 8.3.31 or later.
Update to version 8.4.21 or later.
Update to version 8.5.6 or later.
As a temporary workaround, restrict user-controlled input from influencing the encoding passed to the `mb_regex_encoding()` function.
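
One way to apply the workaround and check a host against the fixed releases above, as an added example that is not code from the PHP project or from this advisory. The allowlist contents, the UTF-8 fallback and the function names are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the application only needs these regex encodings. Keys are the
// lower-cased labels accepted from clients; values are the fixed strings that
// are handed to mbstring.
const REGEX_ENCODING_ALLOWLIST = [
    'utf-8'  => 'UTF-8',
    'utf8'   => 'UTF-8',
    'euc-jp' => 'EUC-JP',
    'sjis'   => 'SJIS',
];

// First fixed release per branch, taken from the Recommendations section.
const FIXED_RELEASES = ['8.2' => '8.2.31', '8.3' => '8.3.31', '8.4' => '8.4.21', '8.5' => '8.5.6'];

/** True when $version is on a listed branch and older than its fixed release. */
function is_affected_version(string $version): bool
{
    if (!preg_match('/^(\d+\.\d+)\./', $version, $m)) {
        return false;
    }
    $fixed = FIXED_RELEASES[$m[1]] ?? null;
    return $fixed !== null && version_compare($version, $fixed, '<');
}

/** Map an untrusted label to an allowlisted encoding, or null if unknown. */
function resolve_regex_encoding(string $label): ?string
{
    return REGEX_ENCODING_ALLOWLIST[strtolower(trim($label))] ?? null;
}

/** Set the regex encoding from the allowlist only; unknown labels get UTF-8. */
function set_regex_encoding_from_request(string $label): string
{
    $encoding = resolve_regex_encoding($label) ?? 'UTF-8';
    mb_regex_encoding($encoding); // never receives the raw request value
    return $encoding;
}

// Constructed sample values standing in for a request parameter.
foreach (['UTF-8', ' sjis ', 'not-a-real-charset'] as $untrusted) {
    printf("%-22s -> %s\n", var_export($untrusted, true), set_regex_encoding_from_request($untrusted));
}
printf("Running %s, affected per advisory: %s\n", PHP_VERSION, is_affected_version(PHP_VERSION) ? 'yes' : 'no');
```

The version check compares version strings only, so a vendor build that backports the fix without changing its version number will still be reported as affected.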