Description
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell").
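The flaw class described above, a caller that dereferences the result of a per-class property handler that can return NULL, shown next to a checked form. This is an added example, not PHP source and not the project's fix; every type and function name in it (`prop_table`, `object`, `proxy_get_properties`, `serialize_header`, and so on) is a hypothetical stand-in.

```c
/* Simplified model of the flaw class; NOT PHP source. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct prop_table { size_t count; } prop_table;

typedef struct object {
    const char *class_name;
    prop_table *(*get_properties)(struct object *self); /* per-class handler */
    prop_table props;
} object;

/* Ordinary object: hands back its own property table. */
prop_table *std_get_properties(object *self) { return &self->props; }

/* COM-like proxy: no native property table, so the handler returns NULL. */
prop_table *proxy_get_properties(object *self) { (void)self; return NULL; }

/* Vulnerable shape: the caller trusts the handler and dereferences its result.
 * With proxy_get_properties this reads through NULL and the process crashes. */
size_t count_props_unchecked(object *o) {
    prop_table *ht = o->get_properties(o);
    return ht->count;
}

/* Hardened shape: treat "no table" as "not serializable" and fail cleanly.
 * Writes a header like O:3:"Foo":2: and returns its length, or -1 on refusal. */
int serialize_header(object *o, char *out, size_t outlen) {
    prop_table *ht = o->get_properties ? o->get_properties(o) : NULL;
    if (ht == NULL)
        return -1;
    int n = snprintf(out, outlen, "O:%zu:\"%s\":%zu:",
                     strlen(o->class_name), o->class_name, ht->count);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void) {
    char buf[64];
    object plain = { "Foo", std_get_properties, { 2 } };   /* constructed sample */
    object proxy = { "com", proxy_get_properties, { 0 } }; /* constructed sample */
    printf("plain: %d\n", serialize_header(&plain, buf, sizeof buf));
    printf("proxy: %d\n", serialize_header(&proxy, buf, sizeof buf));
    return 0;
}
```

`count_props_unchecked` is kept only for comparison and is never called; the checked path turns the crash into an error return the caller can handle.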
Remediation
References