Race condition and heap memory corruption vulnerability in PHP before 5.5.28 and 5.6.x before 5.6.12

Race condition and heap memory corruption vulnerability in PHP before 5.5.28 and 5.6.x before 5.6.12

CVE-2015-8878 · HIGH Severity

AV:N/AC:M/AU:N/C:N/I:N/A:C

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.

Learn more about our Web Application Penetration Testing UK.