A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / PHP Denial of Service Vulnerability

PHP Denial of Service Vulnerability

Advisory No: TZCERT/SA/2018/12/05

Date of First Release: 6th December, 2018

Source: PHP, CISCO

Software Affected: PHP versions 5.x through 7.1.24

Potential vulnerability has been discovered in Hypertext Pre-processor (PHP) which can allow a remote attacker to cause denial of service condition on the affected system.


It has been revealed that “ext/standard/var.c” and “ext/standard/var_unserializer.c” files in PHP software are susceptible to Denial of Service (DoS) condition due to a NULL pointer dereference.

A  remote unauthorized user can exploit this vulnerability when either unserialize call is made to “ext/standard/var_unserializer.c” file for the “com”, “dotnet” and its variant class or a specially crafted request sent malicious input to the affected PHP software.


Successful exploitation of the vulnerabilities can allow an attacker to trigger pointer dereference condition that cause users of software crash resulted into a DoS condition on affected PHP software.


Users and System administrators are advised to update the affected PHP to the latest version as well as the implement the following security measures;

  1. Run firewall and antivirus applications to minimize the potential of inbound and outbound threats.
  2. Implement IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
  3. Implement a strong firewall policy and monitor the affected systems.


  1. https://tools.cisco.com/security/center/viewAlert.x?alertId=59180
  2. https://tools.cisco.com/security/center/viewAlert.x?alertId=59181
  3. https://www.securityfocus.com/bid/105989

Check Also

High severity vulnerabilities in HPE ProLiant and HPE Edgeline Servers Using BIOS (PixieFail) (CVE-2023-45229, CVE-2023-45230, CVE-2023-45234, CVE-2023-45235, CVE-2021-38575)

Advisory No: TZCERT/SA/2024/05/31-2 Date of First Release: 31st May 2024 Source: Hewlett-Packard (HP) Software Affected: …