CVE-2018-19395 — Vulnetix

CVE-2018-19395 PUBLISHED CVSS 7.5 HIGH

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell").

EPSS 1.97% · 83.8th percentile

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

1.97%

83.8th percentile

Affected Products

Vendor	Product	Versions
php	php	5.0.0
n/a	n/a	n/a

Timeline

Nov 20, 2018 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 25, 2021 EPSS Score
Dec 27, 2021 EPSS Score
May 1, 2022 EPSS Score
Jul 2, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Jan 7, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 12, 2023 EPSS Score
Jul 13, 2023 EPSS Score

References

105989 vdb
https://security.netapp.com/advisory/ntap-20181221-0005/ url
https://bugs.php.net/bug.php?id=77177 url
https://nvd.nist.gov/vuln/detail/CVE-2018-19395 advisory
https://security.netapp.com/advisory/ntap-20181221-0005 url

Open in Interactive Console →