CVE-2024-39684

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-39684
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39684.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-39684
Related
Published
2024-07-09T19:15:12Z
Modified
2024-09-18T03:23:06.390163Z
Summary
[none]
Details

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.

References

Affected packages

Debian:11 / rapidjson

Package

Name
rapidjson
Purl
pkg:deb/debian/rapidjson?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.0+dfsg2-7
1.1.0+dfsg2-7.1
1.1.0+dfsg2-7.2
1.1.0+dfsg2-7.3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rapidjson

Package

Name
rapidjson
Purl
pkg:deb/debian/rapidjson?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.0+dfsg2-7.1
1.1.0+dfsg2-7.2
1.1.0+dfsg2-7.3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rapidjson

Package

Name
rapidjson
Purl
pkg:deb/debian/rapidjson?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.0+dfsg2-7.1
1.1.0+dfsg2-7.2
1.1.0+dfsg2-7.3

Ecosystem specific

{
    "urgency": "not yet assigned"
}