Description
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
Remediation
References