CVE-2015-8873

Published: May 16, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.

Affected (4)

Products: Php: Php · Opensuse: Leap

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Php Php	Before 5.4.44
Php Php	From 5.5.0 to 5.5.28
Php Php	From 5.6.0 to 5.6.12

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=4d2278143a08b7522de9471d0f014d7357c28fea

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://php.net/ChangeLog-5.php

Source: cve@mitre.org

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-2750.html

Source: cve@mitre.org

Third Party Advisory

https://bugs.php.net/bug.php?id=69793

Source: cve@mitre.org

ExploitVendor Advisory

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=4d2278143a08b7522de9471d0f014d7357c28fea