5

CVE-2009-1271

The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version5.2.0
PhpPhp Version5.2.1
PhpPhp Version5.2.2
PhpPhp Version5.2.3
PhpPhp Version5.2.4
PhpPhp Version5.2.4 Editionwindows
PhpPhp Version5.2.5
PhpPhp Version5.2.6
PhpPhp Version5.2.7
PhpPhp Version5.2.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.4% 0.818
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://secunia.com/advisories/36701
http://support.apple.com/kb/HT3865
http://secunia.com/advisories/35003
http://www.debian.org/security/2009/dsa-1789
http://secunia.com/advisories/35306
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
http://www.redhat.com/support/errata/RHSA-2009-0350.html
http://www.php.net/releases/5_2_9.php
Vendor Advisory
http://secunia.com/advisories/34830
http://secunia.com/advisories/34933
http://secunia.com/advisories/35007
http://www.ubuntu.com/usn/USN-761-2
https://usn.ubuntu.com/761-1/
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35685
http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15
http://secunia.com/advisories/34770
http://www.debian.org/security/2009/dsa-1775
http://www.mandriva.com/security/advisories?name=MDVSA-2009:090
http://www.openwall.com/lists/oss-security/2009/04/01/9