Bug 2296854 (CVE-2024-38517) - CVE-2024-38517 rapidjson: privilege escalation via integer underflow in GenericReader::ParseNumber()
Keywords:
Status: NEW
Alias: CVE-2024-38517
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2296970 2296971 2296978 2296972 2296973 2296974 2296975 2296976 2296977 2296979 2296980 2296981
Blocks:
Reported: 2024-07-09 19:21 UTC by OSIDB Bzimport
Modified: 2024-08-29 17:05 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the RapidJSON package. This flaw allows a local attacker to trigger an integer underflow via a specially crafted file, possibly leading to escalation of privileges.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2024-07-09 19:21:35 UTC
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.

