CVE-2015-8873Improper Input Validation in PHP

CWE-20Improper Input ValidationCWE-674Uncontrolled Recursion7 documents6 sources
Severity
7.5HIGHNVD
OSV9.8
EPSS
2.8%
top 13.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
PHPPhp5Opensuse Leap
Timeline
PublishedMay 16
Latest updateMay 14

Description

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDphp/php5.5.05.5.28+2
Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.19
NVDopensuse/leap42.1

🔴Vulnerability Details

3
GHSA
GHSA-r3m7-4pfv-6c7q: Stack consumption vulnerability in Zend/zend_exceptions2022-05-14
OSV
php5, php7.0 vulnerabilities2016-08-02
OSV
CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions2016-05-16

📋Vendor Advisories

2
Ubuntu
PHP vulnerabilities2016-08-02
Red Hat
php: Stack consumption vulnerability in Zend/zend_exceptions.c2015-08-04

💬Community

1
Bugzilla
CVE-2015-8873 php: Stack consumption vulnerability in Zend/zend_exceptions.c2016-05-17