========================================================================
CVE-2025-40928                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2025-40928
  Distribution:  JSON-XS
      Versions:  before 4.04

      MetaCPAN:  https://metacpan.org/dist/JSON-XS
      VCS Repo:  https://cvs.schmorp.de/JSON-XS/


JSON::XS before version 4.04 for Perl has an integer buffer overflow
causing a segfault when parsing crafted JSON, enabling
denial-of-service attacks or other unspecified impact

Description
-----------
JSON::XS before version 4.04 for Perl has an integer buffer overflow
causing a segfault when parsing crafted JSON, enabling
denial-of-service attacks or other unspecified impact

Problem types
-------------
- CWE-122 Heap-based Buffer Overflow

Solutions
---------
Update to 4.04, or apply the provided patch

References
----------
https://metacpan.org/release/MLEHMANN/JSON-XS-4.03/source/XS.xs#L256
https://security.metacpan.org/patches/J/JSON-XS/4.03/CVE-2025-40928-r1.patch

Credits
-------
Michael Hudak of rasotec, reporter
