[SECURITY] Fedora 44 Update: perl-Cpanel-JSON-XS-4.41-1.fc44

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

[SECURITY] Fedora 43 Update: perl-Cpanel-JSON-XS-4.41-1.fc43

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

SUSE CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

CVE-2026-9334

A flaw was found in perl-Cpanel-JSON-XS. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted JSON input with duplicate object keys. When the dupkeysasarrayref option is enabled, the decodehv function incorrectly processes the input, leading ...

CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

CVE-2026-9516

CVE-2026-9516 affects Cpanel::JSON::XS for Perl prior to 4.41. A UTF-8 BOM prefixed input with a throwing decode filter callback can cause the decoder to skip restoration of the input pointer, leaving the scalar with an offset pointer. When the scalar is freed, the allocator may receive an invali...

EUVD-2026-34061

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

CVE-2026-9516 Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

CVE-2026-9334

Cpanel::JSON::XS (Perl) is affected by a type-confusion issue in decode_hv() for versions before 4.41 when dupkeys_as_arrayref is enabled. The code tests duplicate keys by evaluating SvTYPE (old_value) != SVt_RV && SvTYPE (SvRV (old_value)) != SVt_PVAV, which dereferences a value via SvRV(old_val...

EUVD-2026-34060

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

OPENSUSE-SU-2026:10950-1 perl-Cpanel-JSON-XS-4.410.0-1.1 on GA media

These are all security issues fixed in the perl-Cpanel-JSON-XS-4.410.0-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-45892

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode json advances the input scalar's string pointer past the mark with SvPV set and restores it only on the normal retur...

Astra Linux - уязвимость в libcpanel-json-xs-perl

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow that causes a segfault when parsing crafted JSON, allowing for denial-of-service attacks or other unspecified impacts...

Mageia: Security Advisory (MGASA-2025-0284)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2025-0284 Updated perl-Cpanel-JSON-XS packages fix security vulnerability

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. CVE-2025-40929...

ROS-20251030-06

A vulnerability in the Perl data structure to JSON conversion module Cpanel::JSON::XS is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code on the target system...