Candidate: CVE-2018-19935 PublicDate: 2018-12-07 09:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19935 Description: ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. Ubuntu-Description: Notes: mdeslaur> php5 in precise and trusty doesn't build imap, it is in a mdeslaur> separate php-imap source package. Bugs: https://bugs.php.net/bug.php?id=77020 Priority: medium Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] Patches_php5: upstream_php5: needs-triage precise/esm_php5: not-affected (code not present) trusty_php5: not-affected (code not present) trusty/esm_php5: not-affected (code not present) xenial_php5: DNE bionic_php5: DNE cosmic_php5: DNE devel_php5: DNE Patches_php-imap: upstream_php-imap: needs-triage precise/esm_php-imap: DNE trusty_php-imap: released (5.4.6-0ubuntu5.1) trusty/esm_php-imap: DNE (trusty was released [5.4.6-0ubuntu5.1]) xenial_php-imap: DNE bionic_php-imap: DNE cosmic_php-imap: DNE devel_php-imap: DNE Patches_php7.0: Tags_php7.0: universe-binary upstream_php7.0: released (7.0.33) precise/esm_php7.0: DNE trusty_php7.0: DNE trusty/esm_php7.0: DNE xenial_php7.0: released (7.0.33-0ubuntu0.16.04.1) esm-infra/xenial_php7.0: released (7.0.33-0ubuntu0.16.04.1) bionic_php7.0: DNE cosmic_php7.0: DNE devel_php7.0: DNE Patches_php7.2: Tags_php7.2: universe-binary upstream_php7.2: released (7.2.14) precise/esm_php7.2: DNE trusty_php7.2: DNE trusty/esm_php7.2: DNE xenial_php7.2: DNE bionic_php7.2: released (7.2.15-0ubuntu0.18.04.1) cosmic_php7.2: released (7.2.15-0ubuntu0.18.20.1) devel_php7.2: released (7.2.15-0ubuntu2) Patches_php7.3: upstream: https://git.php.net/?p=php-src.git;a=commit;h=648fc1e369fc05fb9200a42c7938912236b2a318 Tags_php7.3: universe-binary upstream_php7.3: released (7.3.0) precise/esm_php7.3: DNE trusty_php7.3: DNE trusty/esm_php7.3: DNE xenial_php7.3: DNE bionic_php7.3: DNE cosmic_php7.3: DNE devel_php7.3: not-affected (7.3.0-2)