{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"High"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https://www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"perl-JSON-XS security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for perl-JSON-XS is now available for openEuler-24.03-LTS",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C.\n\nSecurity Fix(es):\n\nJSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact (CVE-2025-40928)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for perl-JSON-XS is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"High",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"perl-JSON-XS",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2025-2366",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2366"
			},
			{
				"summary":"CVE-2025-40928",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-40928&packageName=perl-JSON-XS"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40928"
			},
			{
				"summary":"openEuler-SA-2025-2366 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-2366.json"
			}
		],
		"title":"An update for perl-JSON-XS is now available for openEuler-24.03-LTS",
		"tracking":{
			"initial_release_date":"2025-10-11T21:22:55+08:00",
			"revision_history":[
				{
					"date":"2025-10-11T21:22:55+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2025-10-11T21:22:55+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2025-10-11T21:22:55+08:00",
			"id":"openEuler-SA-2025-2366",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
									},
									"product_id":"openEuler-24.03-LTS",
									"name":"openEuler-24.03-LTS"
								},
								"name":"openEuler-24.03-LTS",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"noarch",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
									},
									"product_id":"perl-JSON-XS-help-4.03-2.oe2403.noarch.rpm",
									"name":"perl-JSON-XS-help-4.03-2.oe2403.noarch.rpm"
								},
								"name":"perl-JSON-XS-help-4.03-2.oe2403.noarch.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"aarch64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
									},
									"product_id":"perl-JSON-XS-4.03-2.oe2403.aarch64.rpm",
									"name":"perl-JSON-XS-4.03-2.oe2403.aarch64.rpm"
								},
								"name":"perl-JSON-XS-4.03-2.oe2403.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
									},
									"product_id":"perl-JSON-XS-debuginfo-4.03-2.oe2403.aarch64.rpm",
									"name":"perl-JSON-XS-debuginfo-4.03-2.oe2403.aarch64.rpm"
								},
								"name":"perl-JSON-XS-debuginfo-4.03-2.oe2403.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
									},
									"product_id":"perl-JSON-XS-debugsource-4.03-2.oe2403.aarch64.rpm",
									"name":"perl-JSON-XS-debugsource-4.03-2.oe2403.aarch64.rpm"
								},
								"name":"perl-JSON-XS-debugsource-4.03-2.oe2403.aarch64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
									},
									"product_id":"perl-JSON-XS-4.03-2.oe2403.src.rpm",
									"name":"perl-JSON-XS-4.03-2.oe2403.src.rpm"
								},
								"name":"perl-JSON-XS-4.03-2.oe2403.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
									},
									"product_id":"perl-JSON-XS-4.03-2.oe2403.x86_64.rpm",
									"name":"perl-JSON-XS-4.03-2.oe2403.x86_64.rpm"
								},
								"name":"perl-JSON-XS-4.03-2.oe2403.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
									},
									"product_id":"perl-JSON-XS-debuginfo-4.03-2.oe2403.x86_64.rpm",
									"name":"perl-JSON-XS-debuginfo-4.03-2.oe2403.x86_64.rpm"
								},
								"name":"perl-JSON-XS-debuginfo-4.03-2.oe2403.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
									},
									"product_id":"perl-JSON-XS-debugsource-4.03-2.oe2403.x86_64.rpm",
									"name":"perl-JSON-XS-debugsource-4.03-2.oe2403.x86_64.rpm"
								},
								"name":"perl-JSON-XS-debugsource-4.03-2.oe2403.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-24.03-LTS",
				"product_reference":"perl-JSON-XS-help-4.03-2.oe2403.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS:perl-JSON-XS-help-4.03-2.oe2403.noarch",
					"name":"perl-JSON-XS-help-4.03-2.oe2403.noarch as a component of openEuler-24.03-LTS"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS",
				"product_reference":"perl-JSON-XS-4.03-2.oe2403.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS:perl-JSON-XS-4.03-2.oe2403.aarch64",
					"name":"perl-JSON-XS-4.03-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS",
				"product_reference":"perl-JSON-XS-debuginfo-4.03-2.oe2403.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS:perl-JSON-XS-debuginfo-4.03-2.oe2403.aarch64",
					"name":"perl-JSON-XS-debuginfo-4.03-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS",
				"product_reference":"perl-JSON-XS-debugsource-4.03-2.oe2403.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS:perl-JSON-XS-debugsource-4.03-2.oe2403.aarch64",
					"name":"perl-JSON-XS-debugsource-4.03-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS",
				"product_reference":"perl-JSON-XS-4.03-2.oe2403.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS:perl-JSON-XS-4.03-2.oe2403.src",
					"name":"perl-JSON-XS-4.03-2.oe2403.src as a component of openEuler-24.03-LTS"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS",
				"product_reference":"perl-JSON-XS-4.03-2.oe2403.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS:perl-JSON-XS-4.03-2.oe2403.x86_64",
					"name":"perl-JSON-XS-4.03-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS",
				"product_reference":"perl-JSON-XS-debuginfo-4.03-2.oe2403.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS:perl-JSON-XS-debuginfo-4.03-2.oe2403.x86_64",
					"name":"perl-JSON-XS-debuginfo-4.03-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS",
				"product_reference":"perl-JSON-XS-debugsource-4.03-2.oe2403.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS:perl-JSON-XS-debugsource-4.03-2.oe2403.x86_64",
					"name":"perl-JSON-XS-debugsource-4.03-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2025-40928",
			"notes":[
				{
					"text":"JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-24.03-LTS:perl-JSON-XS-help-4.03-2.oe2403.noarch",
					"openEuler-24.03-LTS:perl-JSON-XS-4.03-2.oe2403.aarch64",
					"openEuler-24.03-LTS:perl-JSON-XS-debuginfo-4.03-2.oe2403.aarch64",
					"openEuler-24.03-LTS:perl-JSON-XS-debugsource-4.03-2.oe2403.aarch64",
					"openEuler-24.03-LTS:perl-JSON-XS-4.03-2.oe2403.src",
					"openEuler-24.03-LTS:perl-JSON-XS-4.03-2.oe2403.x86_64",
					"openEuler-24.03-LTS:perl-JSON-XS-debuginfo-4.03-2.oe2403.x86_64",
					"openEuler-24.03-LTS:perl-JSON-XS-debugsource-4.03-2.oe2403.x86_64"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-24.03-LTS:perl-JSON-XS-help-4.03-2.oe2403.noarch",
						"openEuler-24.03-LTS:perl-JSON-XS-4.03-2.oe2403.aarch64",
						"openEuler-24.03-LTS:perl-JSON-XS-debuginfo-4.03-2.oe2403.aarch64",
						"openEuler-24.03-LTS:perl-JSON-XS-debugsource-4.03-2.oe2403.aarch64",
						"openEuler-24.03-LTS:perl-JSON-XS-4.03-2.oe2403.src",
						"openEuler-24.03-LTS:perl-JSON-XS-4.03-2.oe2403.x86_64",
						"openEuler-24.03-LTS:perl-JSON-XS-debuginfo-4.03-2.oe2403.x86_64",
						"openEuler-24.03-LTS:perl-JSON-XS-debugsource-4.03-2.oe2403.x86_64"
					],
					"details":"perl-JSON-XS security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2366"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"HIGH",
						"baseScore":7.5,
						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
						"version":"3.1"
					},
					"products":[
						"openEuler-24.03-LTS:perl-JSON-XS-help-4.03-2.oe2403.noarch",
						"openEuler-24.03-LTS:perl-JSON-XS-4.03-2.oe2403.aarch64",
						"openEuler-24.03-LTS:perl-JSON-XS-debuginfo-4.03-2.oe2403.aarch64",
						"openEuler-24.03-LTS:perl-JSON-XS-debugsource-4.03-2.oe2403.aarch64",
						"openEuler-24.03-LTS:perl-JSON-XS-4.03-2.oe2403.src",
						"openEuler-24.03-LTS:perl-JSON-XS-4.03-2.oe2403.x86_64",
						"openEuler-24.03-LTS:perl-JSON-XS-debuginfo-4.03-2.oe2403.x86_64",
						"openEuler-24.03-LTS:perl-JSON-XS-debugsource-4.03-2.oe2403.x86_64"
					]
				}
			],
			"threats":[
				{
					"details":"High",
					"category":"impact"
				}
			],
			"title":"CVE-2025-40928"
		}
	]
}