CVE-2015-8876

Advisory lineage Upstream: 0 Downstream: 4

Downstream

RHSA-2016:2750 SUSE-SU-2016:1633-1 UBUNTU-CVE-2015-8876 USN-3045-1

Modified

Published: 22 May 2016, 01:00

Last modified:06 Aug 2024, 08:29

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.0 (nvd)

EPSS Score

12.24% MEDIUM

12% probability -0.33%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

22 May 2016, 01:00

Published

Vulnerability first disclosed

06 Aug 2024, 08:29

Last Modified

Vulnerability information updated

Description

Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.

CVSS Metrics

v3.0•CRITICAL•Score: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 12.24%• Percentile: 94%

Affected Systems

Unknown•PHP
≥ 5.4.0, < 5.4.44 | ≥ 5.5.0, < 5.5.28 | ≥ 5.6.0, < 5.6.12