CVE-2025-40928 | THREATINT

Description

JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

PUBLISHED Reserved 2025-04-16 | Published 2025-09-08 | Updated 2025-11-04 | Assigner CPANSec

Problem types

CWE-122 Heap-based Buffer Overflow

Product status

Default status

unaffected

Any version before 4.04

affected

Credits

Michael Hudak of rasotec reporter

References

lists.debian.org/debian-lts-announce/2025/09/msg00033.html

www.openwall.com/lists/oss-security/2025/09/08/2

metacpan.org/release/MLEHMANN/JSON-XS-4.03/source/XS.xs related

security.metacpan.org/...SON-XS/4.03/CVE-2025-40928-r1.patch patch

cve.org (CVE-2025-40928)

nvd.nist.gov (CVE-2025-40928)

Download JSON