CVE-2015-8876

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.44 PHP versions 5.5.x prior to 5.5.28 PHP versions 5.6.x prior to 5.6.12

Description The issue is related to the validation of certain Exception objects in the Zend/zend exceptions.c component of PHP. This lack of validation allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, or trigger unintended method execution. The exploitation is possible via crafted serialized data.

Recommendations For PHP versions prior to 5.4.44, update to version 5.4.44 or later. For PHP versions 5.5.x prior to 5.5.28, update to version 5.5.28 or later. For PHP versions 5.6.x prior to 5.6.12, update to version 5.6.12 or later.