CVE-2018-19935
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
We have discovered 2,096,601 live websites that are affected by CVE-2018-19935.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 2,096,601 live websites (29% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 293 versions ( 57% of all versions) |
Details
- Published - Dec 7, 2018
- Updated - Aug 5, 2024
CVE References
Website Distribution by Country
Number of websites using CVE-2018-19935 United States | 485,502 websites |
 Russia | 246,558 websites |
 France | 148,868 websites |
 Germany | 139,875 websites |
 Japan | 129,115 websites |
 Taiwan | 113,562 websites |
 Netherlands | 88,505 websites |
 China | 69,639 websites |
 GB | 54,279 websites |
 Italy | 46,617 websites |
Website Distribution by TLD
Number of websites using CVE-2018-19935| .com | 834,138 websites |
| .ru | 265,227 websites |
| .de | 83,175 websites |
| .net | 67,991 websites |
| .nl | 61,826 websites |
| .org | 57,650 websites |
| .fr | 55,651 websites |
| .jp | 34,334 websites |
| .it | 33,558 websites |
| .co.uk | 33,314 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2018-19935
Top websites that are affected by CVE-2018-19935. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.org | China | *** | |
| *****.***********.com |  Canada | *** | |
| **********.com | United States | *** | |
| ************.ru | Russia | *** | |
| ******************.com | United States | *,*** | |
| *.cn | China | *,*** | |
| ***.org | Italy | *,*** | |
| *********.******.net | United States | *,*** | |
| ****.com | United States | *,*** | |
| ********.com | United States | *,*** |
FAQ
A total of 2,096,601 websites have been identified as vulnerable to CVE-2018-19935, based on global website indexing conducted by WebTechSurvey.
The PHP is affected by the CVE-2018-19935 vulnerability.
PHP versions up to 7.3 are vulnerable to CVE-2018-19935.
CVE-2018-19935 is resolved in version 7.3 of PHP.
References
- https://www.debian.org/security/2018/dsa-4353
- https://bugs.php.net/bug.php?id=77020
- http://www.securityfocus.com/bid/106143
- https://security.netapp.com/advisory/ntap-20181221-0003/
- https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html