ID CVE-2009-1271
Summary The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.4:*:windows:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.4:*:windows:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 03-10-2018 - 21:59)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2009:0350
refmap via4
apple APPLE-SA-2009-09-10-2
confirm
debian
  • DSA-1775
  • DSA-1789
fedora
  • FEDORA-2009-3768
  • FEDORA-2009-3848
mandriva MDVSA-2009:090
misc http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15
mlist [oss-security] 20090401 CVE request: PHP 5.2.9
secunia
  • 34770
  • 34830
  • 34933
  • 35003
  • 35007
  • 35306
  • 35685
  • 36701
suse SUSE-SR:2009:012
ubuntu
  • USN-761-1
  • USN-761-2
statements via4
contributor Tomas Hoger
lastmodified 2009-04-15
organization Red Hat
statement This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html
Last major update 03-10-2018 - 21:59
Published 08-04-2009 - 18:30
Back to Top