Fluid Attacks Database

Description

JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libjson-xs-perl	=4.030-2 \|\| >=0 <4.030-3	4.030-3
debian 11	libjson-xs-perl	=4.030-1 \|\| >=0 <4.030-1+deb11u1	4.030-1+deb11u1
debian 12	libjson-xs-perl	=4.030-2 \|\| =4.030-3 \|\| >=0 <4.040-1~deb12u1	4.040-1~deb12u1
debian 13	libjson-xs-perl	=4.030-2 \|\| =4.030-3 \|\| =4.040-1~deb12u1 \|\| >=0 <4.040-1~deb13u1	4.040-1~deb13u1
rpm rhel10	perl-JSON-XS	<1:4.04-1.el10_0	1:4.04-1.el10_0
rpm rhel8	perl-JSON-XS	<1:3.04-4.el8_10	1:3.04-4.el8_10
rpm rhel9	perl-JSON-XS	<1:4.04-1.el9_6	1:4.04-1.el9_6
rpm rhel9.4	perl-JSON-XS	<1:4.03-5.el9_4.1	1:4.03-5.el9_4.1

Aliases

1. CVE-2025-409282. NVD-2025-409283. OSV-DEBIAN-2025-409284. OSV-2025-409285. SECURITY-TRACKER-CVE-2025-40928

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.