CVE-2025-40930: JSON::SIMD before version 1.07 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact
Stig Palmquist 08 Sep 2025 15:13 UTC
========================================================================
CVE-2025-40930 CPAN Security Group
========================================================================
CVE ID: CVE-2025-40930
Distribution: JSON-SIMD
Versions: before 1.07
MetaCPAN: https://metacpan.org/dist/JSON-SIMD
VCS Repo: https://github.com/pjuhasz/JSON-SIMD
Description
-----------
JSON::SIMD before version 1.07 for Perl has an integer buffer overflow
that causes a segfault when parsing crafted JSON, enabling
denial-of-service attacks or other unspecified impact.
Problem types
-------------
- CWE-122 Heap-based Buffer Overflow
Solutions
---------
Update to 1.07, or apply the provided patch.
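To find deployments that still pin an affected release, the following added example (not part of the advisory or of the JSON-SIMD project) scans a Carton `cpanfile.snapshot` for JSON-SIMD versions before 1.07. It assumes the Carton snapshot layout and decimal-style version strings; the sample snapshot and the function names are constructed for illustration.

```python
import re
import sys
from decimal import Decimal

FIXED = Decimal("1.07")  # first fixed JSON::SIMD release, per the advisory

# Constructed sample of a Carton cpanfile.snapshot (not from a real project).
SAMPLE_SNAPSHOT = """\
# carton snapshot format: version 1.0
DISTRIBUTIONS
  JSON-SIMD-1.06
    pathname: P/PJ/PJUHASZ/JSON-SIMD-1.06.tar.gz
    provides:
      JSON::SIMD 1.06
    requirements:
      ExtUtils::MakeMaker 0
  JSON-XS-4.03
    pathname: M/ML/MLEHMANN/JSON-XS-4.03.tar.gz
    provides:
      JSON::XS 4.03
"""

# A distribution entry is indented by exactly two spaces: "  Name-Version".
DIST_RE = re.compile(r"^  (\S+)-(v?\d[\d._]*)$")


def is_affected(version: str) -> bool:
    """True if a decimal-style Perl version is older than the fixed release."""
    if version.startswith("v") or version.count(".") > 1:
        # Dotted-decimal versions (v1.2.3) compare differently; not handled.
        raise ValueError(f"unsupported version format: {version!r}")
    # Perl compares decimal versions numerically (1.1 == 1.100 > 1.07);
    # an underscore only marks a developer release (1.06_01 -> 1.0601).
    return Decimal(version.replace("_", "")) < FIXED


def find_affected(snapshot_text: str) -> list[str]:
    """Return the pinned JSON-SIMD versions in a snapshot that predate 1.07."""
    hits = []
    for line in snapshot_text.splitlines():
        m = DIST_RE.match(line.rstrip())
        if m and m.group(1) == "JSON-SIMD" and is_affected(m.group(2)):
            hits.append(m.group(2))
    return hits


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SNAPSHOT
    affected = find_affected(text)
    print("affected JSON-SIMD pins:", affected or "none")
    sys.exit(1 if affected else 0)
```

Run it with the path to a snapshot file as the only argument; a non-zero exit status means an affected pin was found, which makes it usable as a CI gate.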
References
----------
https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.06/source/SIMD.xs#L248
https://metacpan.org/release/PJUHASZ/JSON-SIMD-1.07/changes
https://github.com/pjuhasz/JSON-SIMD/commit/9a87de7331c9fa5198cae404a83b17649cf7b918.patch
Credits
-------
Michael Hudak of rasotec, reporter