It was discovered that php-json-ext, a JSON serialiser for PHP, is prone to a denial of service attack, when receiving a malformed string via the json_decode function.