OESA-2025-2241
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2241
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-2241.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2025-2241
- Upstream
- Published
- 2025-09-12T14:24:35Z
- Modified
- 2025-09-12T20:34:02.899042Z
- Summary
- perl-Cpanel-JSON-XS security update
- Details
-
This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C.
Security Fix(es):
Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact(CVE-2025-40929)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:24.03-LTS-SP1 / perl-Cpanel-JSON-XS
Package
- Name
- perl-Cpanel-JSON-XS
- Purl
- pkg:rpm/openEuler/perl-Cpanel-JSON-XS&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.37-2.oe2403sp1
Ecosystem specific
{
"src": [
"perl-Cpanel-JSON-XS-4.37-2.oe2403sp1.src.rpm"
],
"x86_64": [
"perl-Cpanel-JSON-XS-4.37-2.oe2403sp1.x86_64.rpm",
"perl-Cpanel-JSON-XS-debuginfo-4.37-2.oe2403sp1.x86_64.rpm",
"perl-Cpanel-JSON-XS-debugsource-4.37-2.oe2403sp1.x86_64.rpm",
"perl-Cpanel-JSON-XS-help-4.37-2.oe2403sp1.x86_64.rpm"
],
"aarch64": [
"perl-Cpanel-JSON-XS-4.37-2.oe2403sp1.aarch64.rpm",
"perl-Cpanel-JSON-XS-debuginfo-4.37-2.oe2403sp1.aarch64.rpm",
"perl-Cpanel-JSON-XS-debugsource-4.37-2.oe2403sp1.aarch64.rpm",
"perl-Cpanel-JSON-XS-help-4.37-2.oe2403sp1.aarch64.rpm"
]
}