Nixpkgs Security Tracker

Published

Permalink CVE-2025-40929

5.6 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

updated 4 months, 3 weeks ago by @LeSuisse Activity log

Created automatic suggestion 6 months, 1 week ago
@LeSuisse accepted 4 months, 3 weeks ago
@LeSuisse published on GitHub 4 months, 3 weeks ago

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

References

Affected products

Cpanel-JSON-XS

<4.40

Matching in nixpkgs

pkgs.perlPackages.CpanelJSONXS

CPanel fork of JSON::XS, fast and correct serializing

nixos-unstable -
- nixpkgs-unstable 4.37

pkgs.perl538Packages.CpanelJSONXS

CPanel fork of JSON::XS, fast and correct serializing

nixos-unstable -
- nixpkgs-unstable 4.37

pkgs.perl540Packages.CpanelJSONXS

CPanel fork of JSON::XS, fast and correct serializing

nixos-unstable -
- nixpkgs-unstable 4.37

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.perlPackages.CpanelJSONXS

pkgs.perl538Packages.CpanelJSONXS

pkgs.perl540Packages.CpanelJSONXS