Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-19395

Опубликовано: 20 нояб. 2018
Источник: debian
EPSS Низкий

Описание

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell").

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php7.3not-affectedpackage
php7.2not-affectedpackage
php7.1not-affectedpackage
php7.0not-affectedpackage
php5not-affectedpackage

Примечания

  • https://bugs.php.net/bug.php?id=77177

EPSS

Процентиль: 82%
0.01818
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-19395

CVSS3: 7.5
ubuntu
больше 6 лет назад

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell").

nvd логотип

CVE-2018-19395

CVSS3: 7.5
nvd
больше 6 лет назад

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell").

github логотип

GHSA-9qh3-h8f3-pxrf

CVSS3: 7.5
github
около 3 лет назад

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell").

fstec логотип

BDU:2022-02429

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость компонента ext/standard/var.c интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 82%
0.01818
Низкий