CVE-2015-8878

MEDIUM

Php < 5.5.28 - Race Condition

Title source: rule

Description

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.

References (2)

[Vendor Advisory] http://www.php.net/ChangeLog-5.php

[Issue Tracking, Vendor Advisory] https://bugs.php.net/bug.php?id=70002

Scores

CVSS v3 5.9

EPSS 0.0037

EPSS Percentile 58.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-119 CWE-362

Status draft

Affected Products (1)

php/php < 5.5.28

Timeline

Published May 22, 2016

Tracked Since Feb 18, 2026