Description

JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.

PUBLISHED | Reserved 2025-04-16 | Published 2025-09-08 | Updated 2025-09-08 | Assigner CPANSec

Problem types

CWE-122 Heap-based Buffer Overflow

Product status

Default status: unaffected

Any version before 4.04: affected

Credits

Michael Hudak of rasotec (reporter)

References

metacpan.org/release/MLEHMANN/JSON-XS-4.03/source/XS.xs (related)

security.metacpan.org/...SON-XS/4.03/CVE-2025-40928-r1.patch (patch)

cve.org (CVE-2025-40928)

nvd.nist.gov (CVE-2025-40928)
