ELS for OS
- CVEs
- Releases
- Projects
- Documentation
Live Patches
ELS for Languages
- CVEs
- Releases
- Projects
- Documentation

CVE-2018-19395

Updated: 2024-11-24 04:15:52.837684

Description:

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell").

Links	NIST	CIRCL	RHEL	Ubuntu

Severity

	Severity	Score
CVSS Version 2.x	MEDIUM	5
CVSS Version 3.x	HIGH	7.5

Status

OS name	Project name	Version	Score	Severity	Status	Last updated
EL 6 PHP	php	5.3	7.5	HIGH	Ignored	2024-05-14 17:16:57
EL 6 PHP	php	7.1	7.5	HIGH	Ignored	2024-05-14 17:16:47
EL 6 PHP	php	8.0	7.5	HIGH	Ignored	2024-05-14 17:16:53
EL 6 PHP	php	7.2	7.5	HIGH	Ignored	2024-05-14 17:16:57
EL 6 PHP	php	5.4	7.5	HIGH	Ignored	2024-05-14 17:16:57
EL 6 PHP	php	7.3	7.5	HIGH	Ignored	2024-05-14 17:16:57
EL 6 PHP	php	5.2	7.5	HIGH	Ignored	2024-05-14 17:16:57
EL 6 PHP	php	7.4	7.5	HIGH	Ignored	2024-05-14 17:16:53
EL 6 PHP	php	5.5	7.5	HIGH	Ignored	2024-05-14 17:16:52
EL 6 PHP	php	8.2	7.5	HIGH	Ignored	2024-05-14 17:16:49

Total: 97