CVE-2024-21907

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
VulnCheckCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
newtonsoftjson.net
𝑥
< 13.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
newtonsoft-json
plucky
dne
oracular
dne
noble
needs-triage
mantic
ignored
lunar
ignored
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
ignored
Common Weakness Enumeration
References
https://alephsecurity.com/2018/10/22/StackOverflowException/
https://alephsecurity.com/vulns/aleph-2018004
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66
https://github.com/JamesNK/Newtonsoft.Json/issues/2457
https://github.com/JamesNK/Newtonsoft.Json/pull/2462
https://github.com/advisories/GHSA-5crp-9r3c-p9vr
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr
https://alephsecurity.com/2018/10/22/StackOverflowException/
https://alephsecurity.com/vulns/aleph-2018004
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66
https://github.com/JamesNK/Newtonsoft.Json/issues/2457
https://github.com/JamesNK/Newtonsoft.Json/pull/2462
https://github.com/advisories/GHSA-5crp-9r3c-p9vr
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr