Name | CVE-2018-19396 |
Description | ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
php5 | source | (unstable) | (not affected) | |||
php7.0 | source | (unstable) | (not affected) | |||
php7.1 | source | (unstable) | (not affected) | |||
php7.2 | source | (unstable) | (not affected) | |||
php7.3 | source | (unstable) | (not affected) |
- php7.3 <not-affected> (Windows-specific)
- php7.2 <not-affected> (Windows-specific)
- php7.1 <not-affected> (Windows-specific)
- php7.0 <not-affected> (Windows-specific)
- php5 <not-affected> (Windows-specific)
https://bugs.php.net/bug.php?id=77177