4 matches found
CVE-2026-9334
A flaw was found in perl-Cpanel-JSON-XS. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted JSON input with duplicate object keys. When the dupkeysasarrayref option is enabled, the decodehv function incorrectly processes the input, leading ...
CVE-2026-9334
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...
CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...
CVE-2026-9334
Cpanel::JSON::XS (Perl) is affected by a type-confusion issue in decode_hv() for versions before 4.41 when dupkeys_as_arrayref is enabled. The code tests duplicate keys by evaluating SvTYPE (old_value) != SVt_RV && SvTYPE (SvRV (old_value)) != SVt_PVAV, which dereferences a value via SvRV(old_val...