NIXPKGS-2025-0006

published on 1 Nov 2025

Permalink CVE-2025-40928

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 4 months, 3 weeks ago by @LeSuisse Activity log

Created automatic suggestion 6 months, 1 week ago
@LeSuisse removed
6 packages
- perlPackages.CpanelJSONXS
- perl538Packages.CpanelJSONXS
- perl540Packages.CpanelJSONXS
- perlPackages.JSONXSVersionOneAndTwo
- perl538Packages.JSONXSVersionOneAndTwo
- perl540Packages.JSONXSVersionOneAndTwo
4 months, 3 weeks ago
@LeSuisse accepted 4 months, 3 weeks ago
@LeSuisse published on GitHub 4 months, 3 weeks ago

JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

References

Affected products

JSON-XS

<4.04

Matching in nixpkgs

pkgs.perlPackages.JSONXS

JSON serialising/deserialising, done correctly and fast

nixos-unstable -
- nixpkgs-unstable 4.03

pkgs.perl538Packages.JSONXS

JSON serialising/deserialising, done correctly and fast

nixos-unstable -
- nixpkgs-unstable 4.03

pkgs.perl540Packages.JSONXS

JSON serialising/deserialising, done correctly and fast

nixos-unstable -
- nixpkgs-unstable 4.03

Nixpkgs Security Tracker

Details of issue NIXPKGS-2025-0006

References

Affected products

Matching in nixpkgs

pkgs.perlPackages.JSONXS

pkgs.perl538Packages.JSONXS

pkgs.perl540Packages.JSONXS