Description

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-08 | Updated 2025-09-08 | Assigner CPANSec

Problem types

CWE-122 Heap-based Buffer Overflow

Product status

Default status: unaffected

Any version before 4.40: affected

Credits

Michael Hudak of rasotec (reporter)

References

metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs (related)

metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes (release-notes)

github.com/...378236219eaa35742c3962ecbdee364903b0a1f2.patch (patch)

cve.org (CVE-2025-40929)

nvd.nist.gov (CVE-2025-40929)