login

Date Index - September 2025 - CPANSec CVE announcements

08 Sep 2025 15:15 UTC CVE-2025-40928: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Stig Palmquist
08 Sep 2025 15:15 UTC CVE-2025-40929: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Stig Palmquist
08 Sep 2025 15:15 UTC CVE-2025-40930: JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Stig Palmquist
17 Sep 2025 14:42 UTC CVE-2025-40933: Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely Robert Rothenberg
20 Sep 2025 12:40 UTC CVE-2025-40925: Starch versions 0.14 and earlier generate session ids insecurely Timothy Legge
30 Sep 2025 00:08 UTC CVE-2024-58040: Crypt::RandomEncryption for Perl uses insecure rand() function during encryption Timothy Legge