CVE-2024-38517

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tencent RapidJSON (affected versions not specified)

Description The issue is related to an integer underflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. This can be exploited by an attacker sending a crafted file to the victim, which when opened, triggers the integer underflow vulnerability, leading to elevation of privilege. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Integer Underflow

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191CWE-190

Related Identifiers

AZL-43245

AZL-43300

AZL-43320

AZL-43543

AZL-45330

BDU:2024-06231

CVE-2024-38517

MGASA-2024-0371

OESA-2024-1857

USN-7125-1

Affected Products

Debian

Linuxmint

Rapidjson

Ubuntu

Windows

CVE-2024-38517

Weakness Enumeration

Related Identifiers

Affected Products

References · 39