CVE-2015-8878
MEDIUMPHP 5.5.0-5.5.27 - Denial of Service via Race Condition in Temporary File Handling
Title source: llmDescription
main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.
References (2)
Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugs.php.net/bug.php?id=70002
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Scores
CVSS v3
5.9
EPSS
0.0037
EPSS Percentile
59.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
CWE-362
Status
published
Products (1)
php/php
5.5.0 - 5.5.28
Published
May 22, 2016
Tracked Since
Feb 18, 2026