CVE-2018-19396
HIGHPHP <7.1.24 - DoS
Title source: llmDescription
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
Scores
CVSS v3
7.5
EPSS
0.0192
EPSS Percentile
83.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Classification
CWE
CWE-502
Status
published
Affected Products (1)
php/php
< 7.1.24
Timeline
Published
Nov 20, 2018
Tracked Since
Feb 18, 2026