CVE-2009-1271
PHP 5.2.x - Denial of Service via Malformed JSON String to json_decode
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
References (22)
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2009/04/01/9
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2009/dsa-1775
Vendor Advisory (vendor-advisory, x_refsource_fedora): https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
Various Sources (x_refsource_misc): http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/34770
Mailing List (vendor-advisory, x_refsource_apple): http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Vendor Advisory (x_refsource_confirm): http://www.php.net/releases/5_2_9.php
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/35007
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/34933
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/34830
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-761-2
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://www.redhat.com/support/errata/RHSA-2009-0350.html
Vendor Advisory (vendor-advisory, x_refsource_fedora): https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/35003
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/35685
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Vendor Advisory (x_refsource_confirm): http://support.apple.com/kb/HT3865
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/36701
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2009:090
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/35306
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): https://usn.ubuntu.com/761-1/
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2009/dsa-1789
Scores
EPSS: 0.1022
EPSS Percentile: 93.2%
Details
Status: published
Products (9)
php/php 5.2.0
php/php 5.2.1
php/php 5.2.2
php/php 5.2.3
php/php 5.2.4 (2 CPE variants)
php/php 5.2.5
php/php 5.2.6
php/php 5.2.7
php/php 5.2.8
Published: Apr 08, 2009
Tracked Since: Feb 18, 2026