The Cpanel::JSON::XS package prior to 4.33 for Perl performs out-of-bounds accesses in a way that allows malicious users to obtain sensitive information or cause a denial of service.