Xfourj

**Name of the Vulnerable Software and Affected Versions** PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 **Description** Certain functions, including `urldecode()`, pass signed characters to ctype functions such as `isxdigit()`. On systems utilizing default signed characters and optimized table-lookup ctype functions, such as NetBSD, this behavior can result in accessing an array with a negative offset, potentially triggering a denial of service. **Recommendations** Update PHP version 8.2.x to 8.2.31 Update PHP version 8.3.x to 8.3.31 Update PHP version 8.4.x to 8.4.21 Update PHP version 8.5.x to 8.5.6