Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 41: perl-Cpanel-JSON-XS Critical Integer Overflow CVE-2025-40929

fedora
Calendar Grey September 18, 2025
Dist Fedora Esm H88
Addresses a significant integer overflow issue in perl-Cpanel-JSON-XS affecting Fedora 41. System update advised to enhance security.

This update fixes an issue where a specially-crafted JSON input could cause an integer overflow leading to a crash in the program parsing the JSON (CVE-2025-40929).

Summary

This module converts Perl data structures to JSON and vice versa. Its

primary goal is to be correct and its secondary goal is to be fast. To

reach the latter goal it was written in C.

Update Information:

This update fixes an issue where a specially-crafted JSON input could cause an integer overflow leading to a crash in the program parsing the JSON (CVE-2025-40929).

Topics%20covered

Topics Covered

security advisory fedora critical remote code execution integer overflow perl-Cpanel-JSON-XS

Change Log

* Tue Sep 9 2025 Paul Howarth <paul@city-fan.org> - 4.40-1 - Update to 4.40 - Fix overflow with overlong numbers, fuzzing only (CVE-2025-40929) - Detect more malformed numbers, with two decimal points - Pin Github actions to latest @v via pinact run -u * Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 4.39-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Tue Jul 8 2025 Jitka Plesnikova <jplesnik@redhat.com> - 4.39-4 - Perl 5.42 re-rebuild of bootstrapped packages * Mon Jul 7 2025 Jitka Plesnikova <jplesnik@redhat.com> - 4.39-3 - Perl 5.42 rebuild * Sat Jan 18 2025 Fedora Release Engineering <releng@fedoraproject.org> - 4.39-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Dec 13 2024 Paul Howarth <paul@city-fan.org> - 4.39-1 - Update to 4.39 - Fix Windows -Dusequadmath (GH#229, GH#235) - Fix inconsistent behavior between decoding escaped and unescaped surrogates, and escaped non-characters vs. non-escaped non-characters; now aligned to JSON::PP (GH#227, GH#233) - Add type_all_string tests (GH#236) - Silence UV to char cast warnings (GH#232) - Fix MSVC preprocessor errors (GH#232) - Fix -Wformat warnings on Windows (GH#228) - Clarify BigInt decoding (GH#226) - Drop EL-7 support - Use %{make_build} and %{make_install}

References


[ 1 ] Bug #2393916 - CVE-2025-40929 perl-Cpanel-JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2393916

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-89495f6403' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: perl-Cpanel-JSON-XS
Product: Fedora 41
Version: 4.40
Release: 1.fc41
URL: https://metacpan.org/release/Cpanel-JSON-XS
Summary: JSON::XS for Cpanel, fast and correct serializing

Topics%20covered

Topics Covered

security advisory fedora critical remote code execution integer overflow perl-Cpanel-JSON-XS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here