CVE-2025-40929

Name: CVE-2025-40929
Description: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package           Release        Version  Status
libcpanel-json-xs-perl   bullseye       4.25-1   vulnerable
                         bookworm       4.35-1   vulnerable
                         forky, trixie  4.39-1   vulnerable
                         sid            4.39-2   fixed

The information below is based on the following data on fixed versions.

Package                  Type    Release     Fixed Version  Urgency  Origin  Debian Bugs
libcpanel-json-xs-perl   source  (unstable)  4.39-2

Notes

https://lists.security.metacpan.org/cve-announce/msg/32608920/
Fixed by: https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2 (4.40)
