ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
This issue is about serialization, so not considered as a security issue
See warning on http://php.net/manual/en/function.unserialize.php
COM extension is Windows only
As noted in the previous comment, this only affects COM extension that is only available for Windows versions of PHP and hence this does not affect any Red Hat shipped PHP packages.