EPSS
Percentile
41.8%
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
bugzilla.redhat.com/show_bug.cgi?id=1652716
www.cve.org/CVERecord?id=CVE-2018-19396 https://nvd.nist.gov/vuln/detail/CVE-2018-19396