CVE-2025-40929

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

References

Affected packages

Git / github.com/rurban/Cpanel-JSON-XS

Affected ranges

Type

GIT

Repo

https://github.com/rurban/Cpanel-JSON-XS

Events

Introduced

Fixed

2c3ad61969205b9a85749ea55e1af81f422e96f7

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.40"
        }
    ]
}

Type: GIT
Repo: https://github.com/rurban/cpanel-json-xs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

378236219eaa35742c3962ecbdee364903b0a1f2

Affected versions

2.*

2.27

2.28

2.29

2.3

2.31

2.32

2.3305

2.3306

2.3307

2.3308

2.3309

2.3310

2.3311

2.3313

2.3314

2.33_02

2.33_04

2.3401

2.3402

2.3403

2.3404

3.*

3.0101

3.0102

3.0103

3.0104

3.0105

3.0106

3.0109

3.0110

3.0111

3.0112

3.0113

3.0114

3.0115

3.0201

3.0202

3.0204

3.0205

3.0206

3.0207

3.0208

3.0209

3.0210

3.0211

3.0212

3.0213

3.0213_01

3.0213_02

3.0214

3.0215

3.0216

3.0217

3.0217_01

3.0217_02

3.0217_03

3.0217_04

3.0217_05

3.0217_06

3.0218

3.0219

3.0220

3.0221

3.0222

3.0223

3.0224

3.0225

3.0226

3.0227

3.0229

3.0232

3.0233

3.0234

3.0235

3.0236

3.0237

3.0238

3.0239

3.0240

3.99_01

3.99_02

3.99_03

4.*

4.00

4.01

4.02

4.03

4.04

4.05

4.06

4.07

4.08

4.09

4.10

4.11

4.12

4.13

4.14

4.15

4.16

4.17

4.18

4.19

4.20

4.21

4.22

4.23

4.24

4.25

4.26

4.27

4.28

4.29

4.30

4.31

4.32

4.33

4.34

4.35

4.36

4.37

4.38

4.39

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40929.json"