Launchpad.net

CVE 2009-1271

The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.

Related bugs and status

CVE-2009-1271 (Candidate) is related to these bugs:

Bug #364346: CVE-2009-1271: denial of service via segfault (ext/json)

		In	Importance	Status
364346	CVE-2009-1271: denial of service via segfault (ext/json)	php5 (Ubuntu)	Undecided	Fix Released
364346	CVE-2009-1271: denial of service via segfault (ext/json)	php5 (Ubuntu Hardy)	Undecided	Fix Released
364346	CVE-2009-1271: denial of service via segfault (ext/json)	php5 (Ubuntu Intrepid)	Undecided	Fix Released
364346	CVE-2009-1271: denial of service via segfault (ext/json)	php5 (Ubuntu Jaunty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009040...
CONFIRM: http://www.php.net/rel...
MANDRIVA: MDVSA-2009:090
REDHAT: RHSA-2009:0350
DEBIAN: DSA-1775
SECUNIA: 34770
SECUNIA: 34830
UBUNTU: USN-761-2
SECUNIA: 34933
DEBIAN: DSA-1789
SECUNIA: 35003
SECUNIA: 35007
FEDORA: FEDORA-2009-3768
FEDORA: FEDORA-2009-3848
SECUNIA: 35306
SUSE: SUSE-SR:2009:012
SECUNIA: 35685
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-09-10-2
SECUNIA: 36701
MISC: http://cvs.php.net/vie...
UBUNTU: USN-761-1