CVE-2009-1271 | Vulnerability Database | Aqua Security

The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	5.2.0 (including)	5.2.0 (including)
Php	Php	5.2.1 (including)	5.2.1 (including)
Php	Php	5.2.2 (including)	5.2.2 (including)
Php	Php	5.2.3 (including)	5.2.3 (including)
Php	Php	5.2.4 (including)	5.2.4 (including)
Php	Php	5.2.5 (including)	5.2.5 (including)
Php	Php	5.2.6 (including)	5.2.6 (including)
Php	Php	5.2.7 (including)	5.2.7 (including)
Php	Php	5.2.8 (including)	5.2.8 (including)

References

http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14\u0026r2=1.1.2.15
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/34770
http://secunia.com/advisories/34830
http://secunia.com/advisories/34933
http://secunia.com/advisories/35003
http://secunia.com/advisories/35007
http://secunia.com/advisories/35306
http://secunia.com/advisories/35685
http://secunia.com/advisories/36701
http://support.apple.com/kb/HT3865
http://www.debian.org/security/2009/dsa-1775
http://www.debian.org/security/2009/dsa-1789
http://www.mandriva.com/security/advisories?name=MDVSA-2009:090
http://www.openwall.com/lists/oss-security/2009/04/01/9
http://www.php.net/releases/5_2_9.php
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.ubuntu.com/usn/USN-761-2
https://usn.ubuntu.com/761-1/
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-1271
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html