CVE-2025-40928

EUVD-2025-27141
JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Debian logo
Debian Releases
Debian Product
Codename
libjson-xs-perl
bookworm
4.040-1~deb12u1
fixed
bookworm (security)
4.040-1~deb12u1
fixed
bullseye
vulnerable
bullseye (security)
4.030-1+deb11u1
fixed
forky
4.040-1
fixed
sid
4.040-1
fixed
trixie
4.040-1~deb13u1
fixed
trixie (security)
4.040-1~deb13u1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
perl-JSON-XS
RHEL 9
1:4.04-1.el9_6
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
perl-JSON-XS
Amazon Linux 2
1:3.01-2.amzn2.0.1
fixed
Amazon Linux 2023
1:4.03-3.amzn2023.0.3
fixed
perl-JSON-XS-debuginfo
Amazon Linux 2
1:3.01-2.amzn2.0.1
fixed
Amazon Linux 2023
1:4.03-3.amzn2023.0.3
fixed
perl-JSON-XS-debugsource
Amazon Linux 2023
1:4.03-3.amzn2023.0.3
fixed
perl-JSON-XS-tests
Amazon Linux 2023
1:4.03-3.amzn2023.0.3
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
perl-JSON-XS
Azure Linux 3.0
0:4.04-1.azl3
fixed
CBL-Mariner 2.0
0:4.04-1.cm2
fixed