RURBAN Cpanel::JSON::XS
cpe:2.3:a:rurban:cpanel::json::xs:*:*:*:*:perl:*:*
- < 4.40
An integer buffer overflow vulnerability has been identified in Cpanel::JSON::XS versions prior to 4.40 for Perl. This vulnerability occurs when the module parses crafted JSON, leading to a segmentation fault. The buffer overflow can be exploited to cause a denial-of-service condition or potentially other unspecified impacts.
Exploitation of this vulnerability causes a segmentation fault, leading to a denial-of-service condition.
The vulnerability can be reproduced by parsing JSON data that includes overlong numeric values. This can be done using the Cpanel::JSON::XS module in Perl, by crafting a JSON string that contains a number formatted to exceed the normal length, which will trigger the buffer overflow during parsing.
Users can upgrade to Cpanel::JSON::XS version 4.40 or later, where this vulnerability has been fixed.
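To confirm the upgrade reached every copy of the module on a host, the following added example (not part of the original advisory or the Cpanel::JSON::XS project) scans the Perl library paths and reports any copy older than 4.40. It assumes the core modules `Module::Metadata` and `version` are available; the `audit_dirs` helper is a hypothetical name used for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use Module::Metadata;   # core module; reads $VERSION without loading the XS code
use version;

my $FIXED = version->parse('4.40');   # first fixed release, per the advisory

# Return one record per copy of Cpanel/JSON/XS.pm found under the given dirs.
# A shadowed copy later in @INC still matters if another perl or app uses it.
sub audit_dirs {
    my @dirs = @_;
    my (@found, %seen);
    for my $dir (grep { defined($_) && !ref($_) && -d $_ } @dirs) {
        my $file = File::Spec->catfile($dir, 'Cpanel', 'JSON', 'XS.pm');
        next unless -f $file;
        next if $seen{ File::Spec->rel2abs($file) }++;
        my $meta = Module::Metadata->new_from_file($file);
        my $ver  = $meta ? $meta->version('Cpanel::JSON::XS') : undef;
        # A version that cannot be read is reported as affected for manual review.
        my $affected = defined $ver ? ($ver < $FIXED ? 1 : 0) : 1;
        push @found, {
            file     => $file,
            version  => defined $ver ? "$ver" : 'unknown',
            affected => $affected,
        };
    }
    return @found;
}

# Scan @INC plus any extra library directories given on the command line.
my @copies = audit_dirs(@INC, @ARGV);
print "no copy of Cpanel::JSON::XS found\n" unless @copies;
printf "%-10s %-8s %s\n", ($_->{affected} ? 'AFFECTED' : 'ok'),
    $_->{version}, $_->{file} for @copies;
exit( (grep { $_->{affected} } @copies) ? 1 : 0 );
```

Run it with each Perl interpreter in use on the host, passing application-local library directories as arguments; a non-zero exit status means at least one copy still needs upgrading.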