CVE-2018-19396 — Vulnetix

CVE-2018-19396 PUBLISHED CVSS 7.5 HIGH

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.

EPSS 1.02% · 77.5th percentile

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

1.02%

77.5th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
php	php	5.0.0

Timeline

Nov 20, 2018 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 25, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 27, 2022 EPSS Score
Jul 2, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Nov 5, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 10, 2023 EPSS Score
May 12, 2023 EPSS Score

References

https://bugs.php.net/bug.php?id=77177 url
http://www.securityfocus.com/bid/105989 advisory
https://security.netapp.com/advisory/ntap-20181221-0005/ url
https://nvd.nist.gov/vuln/detail/CVE-2018-19396 advisory
https://security.netapp.com/advisory/ntap-20181221-0005 url

Open in Interactive Console →