GHSA-rr69-rxr6-8qwf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rr69-rxr6-8qwf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-rr69-rxr6-8qwf/GHSA-rr69-rxr6-8qwf.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rr69-rxr6-8qwf
- Aliases
-
- CVE-2024-58264
- RUSTSEC-2024-0012
- Published
- 2024-02-09T16:03:32Z
- Modified
- 2025-07-28T16:27:07.678146Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- serde-json-wasm stack overflow during recursive JSON parsing
- Details
-
When parsing untrusted, deeply nested JSON, the stack may overflow, possibly enabling a Denial of Service attack. This was fixed by adding a check for recursion depth.
- Database specific
{ "severity": "HIGH", "github_reviewed_at": "2024-02-09T16:03:32Z", "cwe_ids": [], "nvd_published_at": null, "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-58264
- https://github.com/CosmWasm/serde-json-wasm/commit/a9a9b9bf243862bd2afbf6853fca97f30dc4f620
- https://github.com/CosmWasm/serde-json-wasm/commit/e78f9e28b3a2151d3175ee88ab2a001bf9515429
- https://github.com/CosmWasm/serde-json-wasm
- https://rustsec.org/advisories/RUSTSEC-2024-0012.html
Affected packages
crates.io / serde-json-wasm
Package
- Name
- serde-json-wasm
- View open source insights on deps.dev
- Purl
- pkg:cargo/serde-json-wasm
crates.io / serde-json-wasm
Package
- Name
- serde-json-wasm
- View open source insights on deps.dev
- Purl
- pkg:cargo/serde-json-wasm