CVE-2009-1271
Published: 8 April 2009
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
php-json-ext Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| upstream |
Released
(5.2.9)
|
|
|
php5 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(only 5.2.0 and higher)
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Released
(5.2.4-2ubuntu5.6)
|
|
| intrepid |
Released
(5.2.6-2ubuntu4.2)
|
|
| jaunty |
Released
(5.2.6.dfsg.1-3ubuntu4.1)
|
|
| karmic |
Not vulnerable
(5.2.9.dfsg.1-4ubuntu1)
|
|
| upstream |
Released
(5.2.9)
|
|
|
Patches: upstream: http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15 |
||