========================================================================
CVE-2025-40929                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2025-40929
  Distribution:  Cpanel-JSON-XS
      Versions:  before 4.40

      MetaCPAN:  https://metacpan.org/dist/Cpanel-JSON-XS
      VCS Repo:  https://github.com/rurban/Cpanel-JSON-XS


Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer
overflow causing a segfault when parsing crafted JSON, enabling
denial-of-service attacks or other unspecified impact

Description
-----------
Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer
overflow causing a segfault when parsing crafted JSON, enabling
denial-of-service attacks or other unspecified impact.

Problem types
-------------
- CWE-122 Heap-based Buffer Overflow

Solutions
---------
Update to 4.40 or later, or apply the provided patch

References
----------
https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713
https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes
https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch

Credits
-------
Michael Hudak of rasotec, reporter
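
Added example (not part of the advisory or of the Cpanel::JSON::XS
project): a Perl script for checking the "Update to 4.40 or later"
solution on a host. It lists every copy of Cpanel::JSON::XS reachable
through @INC and flags those below 4.40. The function name audit_copies
and the choice to treat an unreadable version as vulnerable are
assumptions of this example.

```perl
#!/usr/bin/env perl
# Added example: audit every copy of Cpanel::JSON::XS visible on @INC.
use strict;
use warnings;
use File::Spec;
use Module::Metadata;    # core module; reads $VERSION without loading code
use version;

# First fixed release, taken from the advisory.
my $FIXED = version->parse('4.40');

# Return one record per installed copy found under the given directories.
# (audit_copies is a name chosen for this example.)
sub audit_copies {
    my @dirs = @_;
    my (@found, %seen);
    for my $dir (grep { !ref } @dirs) {    # skip @INC hooks (code refs)
        my $path = File::Spec->catfile($dir, qw(Cpanel JSON XS.pm));
        next unless -f $path;
        next if $seen{$path}++;
        # Parse the version statically so the XS parser is never loaded.
        my $meta = Module::Metadata->new_from_file($path);
        my $ver  = $meta ? $meta->version('Cpanel::JSON::XS') : undef;
        push @found, {
            path    => $path,
            version => defined $ver ? "$ver" : 'unknown',
            # Assumption: a copy whose version cannot be read is reported
            # as vulnerable rather than silently passed.
            vulnerable => (!defined $ver || $ver < $FIXED) ? 1 : 0,
        };
    }
    return @found;
}

my @copies = audit_copies(@INC);
print "Cpanel::JSON::XS not found on \@INC\n" unless @copies;
for my $c (@copies) {
    printf "%-10s %-10s %s\n",
        ($c->{vulnerable} ? 'VULNERABLE' : 'ok'), $c->{version}, $c->{path};
}

# Non-zero exit lets CI or a configuration-management run flag the host.
exit( (grep { $_->{vulnerable} } @copies) ? 1 : 0 );
```

Run it with each perl interpreter and PERL5LIB setting used by the
services on the host, since every one has its own @INC. A copy that
received the provided patch without a version bump is still reported as
VULNERABLE and has to be confirmed against the patch by hand.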
