CVE-2024-38525

Source
https://cve.org/CVERecord?id=CVE-2024-38525
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38525.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-38525
Aliases
  • GHSA-rf3p-mg22-qv6w
Published
2024-06-28T21:10:57.138Z
Modified
2026-03-12T05:11:46.483173Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
dd-trace-cpp malformed unicode header values may cause crash
Details

dd-trace-cpp is the Datadog distributed tracing library for C++. When the library fails to extract trace context due to malformed Unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2.

Database specific
{
    "cwe_ids": [
        "CWE-20",
        "CWE-248"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38525.json"
}
References

Affected packages

Git / github.com/datadog/dd-trace-cpp

Affected ranges

Type
GIT
Repo
https://github.com/datadog/dd-trace-cpp
Events
Database specific
{
    "versions": [
        {
            "introduced": "0.1.12"
        },
        {
            "fixed": "0.2.2"
        }
    ]
}

Affected versions

v0.*
v0.1.12
v0.2.0
v0.2.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38525.json"