CVE-2018-19395

Name of the Vulnerable Software and Affected Versions PHP versions 5.x through 7.1.24

Description The issue is related to errors in pointer dereferencing in the PHP interpreter, specifically in the ext/standard/var.c component. This can be exploited by a remote attacker to cause a denial of service, resulting in a NULL pointer dereference and application crash. The vulnerability can be triggered by a serialize call on COM("WScript.Shell"), which causes com and com safearray proxy to return NULL in com properties get in ext/com dotnet/com handlers.c.

Recommendations For PHP versions 5.x through 7.1.24, update to a version later than 7.1.24 to resolve the issue. As a temporary workaround, consider restricting the use of the serialize function on COM objects to minimize the risk of exploitation.