Published: 07/12/2018 Updated: 29/08/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

ext/imap/php_imap.c in PHP 5.x and 7.x prior to 7.3.0 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php
debian debian linux 8.0
debian debian linux 9.0

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a "Transfer-Encoding: chunked" request and the IMAP extension performed in ...

ext/imap/php_imapc in PHP 5x and 7x before 730 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function(CVE-2018-19935) University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launch ...

CWE-476 https://bugs.php.net/bug.php?id=77020 http://www.securityfocus.com/bid/106143 https://www.debian.org/security/2018/dsa-4353 https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html https://security.netapp.com/advisory/ntap-20181221-0003/http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://nvd.nist.gov https://www.debian.org/security/./dsa-4353

CVE-2018-19935

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect