CPANSA-JSON-SIMD-2025-40930: JSON-SIMD vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2025-09-08T00:00:00	Engine	CSAF Perl Toolkit 0.26
Current release date	2025-09-08T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	7.5	Severity
Original language		Language	en
Also referred to

Vulnerability Description

JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.

Vulnerabilities

CVE-2025-40930

Vulnerability Description

JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.

Weakness	CWE-122 : Heap-based Buffer Overflow

Product status

Known affected

Product

Score

JSON-SIMD greater than 0

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	7.5	High

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-JSON-SIMD-2025-40930 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2025/cpansa-json-simd-2025-40930.json
https://github.com/pjuhasz/JSON-SIMD/commit/9a87de7331c9fa5198cae404a83b17649cf7b918.patch external
https://github.com/pjuhasz/JSON-SIMD/commit/9a87de7331c9fa5198cae404a83b17649cf7b918.patch
https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.06/source/SIMD.xs#L248 external
https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.06/source/SIMD.xs#L248
https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.07/changes external
https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.07/changes
CVE-2025-40930 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2025-40930

Revision history

Version	Date of the revision	Summary of the revision
1	Mon Sep 8 00:00:00 2025	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/