Medium severity5.9NVD Advisory· Published May 22, 2016· Updated May 6, 2026

CVE-2015-8878

Description

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.

Affected products

PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: >=5.5.0,<5.5.28

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.php.net/ChangeLog-5.phpnvdVendor Advisory
bugs.php.net/bug.phpnvdIssue TrackingVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000