CVE-2015-8873

Published: May 16, 2016Last modified: November 9, 2023

Description

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.

Severity score breakdown

Parameter	Value
Base score	7.5
Attack Vector	NETWORK
Attack complexity	LOW
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	NONE
Integrity impact	NONE
Availability impact	HIGH
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	php81	Not affected (8.1.22-r0)
Alpaquita Linux	Stream	php81	Not affected (8.1.22-r0)

References

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=4d2278143a08b7522de9471d0f014d7357c28fea
http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html
http://php.net/ChangeLog-5.php
http://rhn.redhat.com/errata/RHSA-2016-2750.html
https://bugs.php.net/bug.php?id=69793