CVE-2025-40929

一、漏洞信息
 漏洞编号：[CVE-2025-40929](https://nvd.nist.gov/vuln/detail/CVE-2025-40929)
 漏洞归属组件：[perl-Cpanel-JSON-XS](https://gitee.com/src-openeuler/perl-Cpanel-JSON-XS)
 漏洞归属的版本：4.25,4.37,4.38,4.39
 CVSS V3.0分值：
  BaseScore：5.6 Medium
  Vector：CVSS：3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
 漏洞简述：
  Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact
 漏洞公开时间：2025-09-08 23:15:35
 漏洞创建时间：2025-09-09 00:21:57
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2025-40929
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713 |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes |  |
|  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  |
|  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713 |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes |  |
|  | https://security-tracker.debian.org/tracker/CVE-2025-40929 |  |
|  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713 |  |
|  | https://nvd.nist.gov/vuln/detail/CVE-2025-40929 |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes |  |
|  | https://www.mend.io/vulnerability-database/CVE-2025-40929 |  |
|  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713 |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes |  |
|  | https://access.redhat.com/security/cve/cve-2025-40929 |  |
|  | https://security.alpinelinux.org/vuln/CVE-2025-40929 |  |
|  | https://security.alpinelinux.org/vuln/CVE-2025-40929 |  |
|  | https://security-tracker.debian.org/tracker/CVE-2025-40929 |  |
|  | https://security-tracker.debian.org/tracker/CVE-2025-40929 |  |
|  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713 |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes |  |
|  | https://security-tracker.debian.org/tracker/CVE-2025-40929 |  |
|  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713 |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes |  |
|  | https://security-tracker.debian.org/tracker/CVE-2025-40929 |  |
|  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713 |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes |  |
|  | https://security-tracker.debian.org/tracker/CVE-2025-40929 |  |
|  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713 |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes |  |
|  | https://security-tracker.debian.org/tracker/CVE-2025-40929 |  |
|  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.39/source/XS.xs#L713 |  |
|  | https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.40/changes |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  七彩瞬析开源风险感知平台
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| rurban/Cpanel-JSON-XS |  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  | ljqc |
|  |  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  | cvelistv5 |
|  |  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  | osv |
|  |  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  | whitesource |
|  |  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  | cnnvd |
|  |  | https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2.patch |  | snyk |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
  ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
 openEuler评分：
  5.6
 Vector：CVSS：3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
 受影响版本排查(受影响/不受影响)：
  1.master(4.39):受影响
2.openEuler-24.03-LTS-Next(4.37):受影响
3.openEuler-24.03-LTS-SP1(4.37):受影响
4.openEuler-24.03-LTS-SP2(4.37):受影响
5.openEuler-20.03-LTS-SP4:不受影响
6.openEuler-22.03-LTS-SP3:不受影响
7.openEuler-22.03-LTS-SP4:不受影响
8.openEuler-24.03-LTS(4.37):不受影响

修复是否涉及abi变化(是/否)：
  1.master(4.39):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS-SP3:否
4.openEuler-22.03-LTS-SP4:否
5.openEuler-24.03-LTS(4.37):否
6.openEuler-24.03-LTS-Next(4.37):否
7.openEuler-24.03-LTS-SP1(4.37):否
8.openEuler-24.03-LTS-SP2(4.37):否

原因说明：
  1.master(4.39):正常修复
2.openEuler-24.03-LTS-Next(4.37):正常修复
3.openEuler-24.03-LTS-SP1(4.37):正常修复
4.openEuler-24.03-LTS-SP2(4.37):正常修复
5.openEuler-20.03-LTS-SP4:不受影响-组件不存在
6.openEuler-22.03-LTS-SP3:不受影响-组件不存在
7.openEuler-22.03-LTS-SP4:不受影响-组件不存在
8.openEuler-24.03-LTS(4.37):不受影响-组件不存在

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-2242

src-openEuler/perl-Cpanel-JSON-XS

内容风险标识

评论 (5)

src-openEuler/perl-Cpanel-JSON-XS .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2025-40929

评论 (5)

搜索帮助

src-openEuler/perl-Cpanel-JSON-XS