|CERT-In Vulnerability Note
Denial of Service Vulnerability in PHP
Original Issue Date:December 12, 2018
Severity Rating: HIGH
- PHP versions 5.x
- PHP versions 7.x prior to 7.3.0
A vulnerability has been reported in PHP which could allow a remote attacker to cause a denial of service (DoS) condition on a targeted system.
This vulnerability exists in php_imap.c file of the PHP due to a NULL pointer dereference condition. A remote attacker could exploit this vulnerability by sending a message argument with an empty string to the imap_mail function on a targeted system.
Successful exploitation of this vulnerability could cause the affected system to crash, resulting in a DoS condition.
Update to latest version
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003