Lucene search
+L

76 matches found

osv
osv
added 2026/07/06 6:1 p.m.2 views

SUSE-SU-2026:2782-1 Security update for perl-Cpanel-JSON-XS

This update for perl-Cpanel-JSON-XS fixes the following issues - CVE-2026-9334: type confusion via duplicate object keys when dupkeysasarrayref is enabled bsc1267546. - CVE-2026-9516: denial of service via UTF-8 BOM prefixed input when a decode filter callback throws bsc1267547...

7.5CVSS6.1AI score0.00361EPSS
Exploits0References5
osv
osv
added 2026/07/06 2:16 a.m.4 views

UBUNTU-CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.0033EPSS
Exploits0References6
euvd
euvd
added 2026/07/06 1:34 a.m.9 views

EUVD-2026-41798

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.0033EPSS
Exploits0References2
fedora
fedora
added 2026/06/05 4:27 a.m.14 views

[SECURITY] Fedora 44 Update: perl-Cpanel-JSON-XS-4.41-1.fc44

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

7.5CVSS5.8AI score0.00361EPSS
Exploits0
fedora
fedora
added 2026/06/05 4:10 a.m.13 views

[SECURITY] Fedora 43 Update: perl-Cpanel-JSON-XS-4.41-1.fc43

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

7.5CVSS5.8AI score0.00361EPSS
Exploits0
nessus
nessus
added 2026/06/05 12:0 a.m.8 views

Fedora 43 : perl-Cpanel-JSON-XS (2026-d88c7fac8c)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d88c7fac8c advisory. This update addresses a number of bugs including these security issues: Fix BOM-shift PV-corruption SIGABRT CVE-2026-9516 Fix dupkeysasarrayref type...

7.5CVSS5.6AI score0.00361EPSS
Exploits0References3
nessus
nessus
added 2026/06/05 12:0 a.m.8 views

Fedora 44 : perl-Cpanel-JSON-XS (2026-0a82e80353)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0a82e80353 advisory. This update addresses a number of bugs including these security issues: Fix BOM-shift PV-corruption SIGABRT CVE-2026-9516 Fix dupkeysasarrayref type...

7.5CVSS5.6AI score0.00361EPSS
Exploits0References3
susecve
susecve
added 2026/06/04 2:30 a.m.14 views

SUSE CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

8.1CVSS5.8AI score0.00253EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/03 11:40 a.m.11 views

CVE-2026-9334

A flaw was found in perl-Cpanel-JSON-XS. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted JSON input with duplicate object keys. When the dupkeysasarrayref option is enabled, the decodehv function incorrectly processes the input, leading ...

7.3CVSS5.8AI score0.00253EPSS
Exploits0References2
nvd
nvd
added 2026/06/03 1:16 a.m.16 views

CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

7.3CVSS0.00253EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/03 12:15 a.m.10 views

CVE-2026-9516 Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

5.9AI score0.00361EPSS
Exploits0References2
cve
cve
added 2026/06/03 12:15 a.m.35 views

CVE-2026-9516

CVE-2026-9516 affects Cpanel::JSON::XS for Perl prior to 4.41. A UTF-8 BOM prefixed input with a throwing decode filter callback can cause the decoder to skip restoration of the input pointer, leaving the scalar with an offset pointer. When the scalar is freed, the allocator may receive an invali...

7.5CVSS5.9AI score0.00361EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/06/03 12:15 a.m.13 views

EUVD-2026-34061

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

7.5CVSS5.9AI score0.00361EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/03 12:15 a.m.8 views

CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

5.9AI score0.00361EPSS
Exploits0References3
osv
osv
added 2026/06/03 12:15 a.m.2 views

CVE-2026-9516 Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

7.5CVSS6.1AI score0.00361EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/06/03 12:15 a.m.8 views

CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

5.8AI score0.00253EPSS
Exploits0References3
euvd
euvd
added 2026/06/03 12:15 a.m.13 views

EUVD-2026-34060

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

7.3CVSS5.8AI score0.00253EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/03 12:15 a.m.40 views

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

0.00253EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/03 12:15 a.m.10 views

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

5.8AI score0.00253EPSS
Exploits0References2
cve
cve
added 2026/06/03 12:15 a.m.31 views

CVE-2026-9334

Cpanel::JSON::XS (Perl) is affected by a type-confusion issue in decode_hv() for versions before 4.41 when dupkeys_as_arrayref is enabled. The code tests duplicate keys by evaluating SvTYPE (old_value) != SVt_RV && SvTYPE (SvRV (old_value)) != SVt_PVAV, which dereferences a value via SvRV(old_val...

7.3CVSS5.8AI score0.00253EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder