Message-ID: <d8715cdb-d2be-4fd7-aafe-502e74ebd585@cpan.org>
Date: Mon, 8 Sep 2025 16:43:26 +0100
From: Robert Rothenberg <rrwo@...n.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2025-40929: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

========================================================================
CVE-2025-40929                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2025-40929
  Distribution:  Cpanel-JSON-XS
      Versions:  before 4.40

      MetaCPAN:  https://metacpan.org/dist/Cpanel-JSON-XS
      VCS Repo:  https://github.com/rurban/Cpanel-JSON-XS


Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer
overflow causing a segfault when parsing crafted JSON, enabling
denial-of-service attacks or other unspecified impact

Description
-----------
Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer
overflow causing a segfault when parsing crafted JSON, enabling
denial-of-service attacks or other unspecified impact

Problem types
-------------
- CWE-122 Heap-based Buffer Overflow

Solutions
---------
Update to 4.40 or later, or apply the provided patch

References
----------
https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713
https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes
https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch

Credits
-------
Michael Hudak of rasotec, reporter