A NULL Pointer Dereference in match_at in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression.Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.