Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Underflow
CVE-2024-38517

6.8MEDIUM

Key Information:

Vendor

Tencent

Status
Rapidjson
Vendor
CVE Published:
9 July 2024

What is CVE-2024-38517?

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.

Affected Version(s)

RapidJSON <= 1.1.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
x_refsource_CONFIRM
https://github.com/Tencent/rapidjson/pull/1261/commits/82...
x_refsource_MISC
https://github.com/fmalita/rapidjson/commit/8269bc2bc289e...
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.
CVE-2024-38517 : Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Underflow