CVE-2018-19935

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.

Published: Dec 7, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-19935
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
php / php	7.2.0	7.2.14
php / php	7.0.0	7.0.33
php / php	7.1.0	7.1.26
php / php	5.6.0	5.6.39
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
http://www.securityfocus.com/bid/106143
https://bugs.php.net/bug.php?id=77020
https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html
https://security.netapp.com/advisory/ntap-20181221-0003/
https://www.debian.org/security/2018/dsa-4353

Vulnerability Database

289,784

CVE-2018-19935