Fluid Attacks Database

Description

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	libcpanel-json-xs-perl	=4.39-1 \|\| >=0 <4.39-2~deb13u1	4.39-2~deb13u1
alpine v3.21	perl-cpanel-json-xs	=4.38-r0 \|\| >=0 <4.40-r0	4.40-r0
debian 12	libcpanel-json-xs-perl	=4.35-1 \|\| >=0 <4.35-1+deb12u1	4.35-1+deb12u1
debian 14	libcpanel-json-xs-perl	=4.39-1 \|\| =4.39-2~deb13u1 \|\| >=0 <4.39-2	4.39-2
alpine v3.20	perl-cpanel-json-xs	=3.0115-r0 \|\| =3.0115-r1 \|\| =3.0217-r0 \|\| =3.0218-r0 \|\| =3.0219-r0 \|\| =3.0220-r0 \|\| =3.0223-r0 \|\| =3.0224-r0 \|\| =3.0225-r0 \|\| =3.0226-r0 \|\| =3.0227-r0 \|\| =3.0228-r0 \|\| =3.0230-r0 \|\| =3.0231-r0 \|\| =3.0232-r0 \|\| =3.0233-r0 \|\| =3.0233-r1 \|\| =3.0237-r0 \|\| =3.0238-r0 \|\| =3.0239-r0 \|\| =4.00-r0 \|\| =4.01-r0 \|\| =4.02-r0 \|\| =4.03-r0 \|\| =4.04-r0 \|\| =4.05-r0 \|\| =4.06-r0 \|\| =4.08-r0 \|\| =4.09-r0 \|\| =4.11-r0 \|\| =4.11-r1 \|\| =4.12-r0 \|\| =4.12-r1 \|\| =4.13-r0 \|\| =4.14-r0 \|\| =4.15-r0 \|\| =4.17-r0 \|\| =4.18-r0 \|\| =4.19-r0 \|\| =4.21-r0 \|\| =4.22-r0 \|\| =4.23-r0 \|\| =4.23-r1 \|\| =4.24-r0 \|\| =4.25-r0 \|\| =4.26-r0 \|\| =4.26-r1 \|\| =4.27-r0 \|\| =4.28-r0 \|\| =4.29-r0 \|\| =4.29-r1 \|\| =4.30-r0 \|\| =4.32-r0 \|\| =4.34-r0 \|\| =4.35-r0 \|\| =4.36-r0 \|\| =4.36-r1 \|\| =4.36-r2 \|\| =4.37-r0 \|\| >=0 <4.40-r0	4.40-r0
alpine v3.22	perl-cpanel-json-xs	=4.38-r0 \|\| =4.39-r0 \|\| >=0 <4.40-r0	4.40-r0
debian 11	libcpanel-json-xs-perl	=4.25-1 \|\| >=0 <4.25-1+deb11u1	4.25-1+deb11u1
alpine v3.23	perl-cpanel-json-xs	=4.38-r0 \|\| =4.39-r0 \|\| =4.39-r1 \|\| >=0 <4.40-r0	4.40-r0

Aliases

1. CVE-2025-409292. NVD-2025-409293. OSV-DEBIAN-2025-409294. OSV-2025-409295. OSV-ALPINE-2025-409296. SECURITY-TRACKER-CVE-2025-409297. SECURITY-CVE-2025-40929

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.