Stack Consumption Vulnerability in Rust's Serde-Json-Wasm Library
CVE-2024-58264

3.2LOW

Key Information:

Vendor: Cosmwasm
Status: Serde-json-wasm
Vendor: CVE Published:; 27 July 2025

What is CVE-2024-58264?

A vulnerability exists in the Serde-Json-Wasm crate prior to version 1.0.1 that permits stack consumption through deeply nested JSON data. This issue could potentially lead to denial-of-service conditions if exploited by an attacker, especially in applications that handle large or complex JSON structures without adequate safeguards.

Affected Version(s)

serde-json-wasm 0 < 0.5.2

serde-json-wasm 1.0.0 < 1.0.1

References

https://rustsec.org/advisories/RUSTSEC-2024-0012.html

https://github.com/advisories/GHSA-rr69-rxr6-8qwf

https://crates.io/crates/serde-json-wasm

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2025
Vulnerability Reserved
Jul 27, 2025

Cosmwasm

What is CVE-2024-58264?

Affected Version(s)

References

CVSS V3.1

Timeline