CVE-2024-21907

EUVD-2022-5935
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
newtonsoftjson.net
𝑥
< 13.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
newtonsoft-json
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
lunar
ignored
mantic
ignored
noble
needs-triage
oracular
dne
plucky
dne
questing
dne
trusty
ignored
xenial
needs-triage
Common Weakness Enumeration
References
https://alephsecurity.com/2018/10/22/StackOverflowException/
https://alephsecurity.com/vulns/aleph-2018004
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66
https://github.com/JamesNK/Newtonsoft.Json/issues/2457
https://github.com/JamesNK/Newtonsoft.Json/pull/2462
https://github.com/advisories/GHSA-5crp-9r3c-p9vr
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr
https://alephsecurity.com/2018/10/22/StackOverflowException/
https://alephsecurity.com/vulns/aleph-2018004
https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66
https://github.com/JamesNK/Newtonsoft.Json/issues/2457
https://github.com/JamesNK/Newtonsoft.Json/pull/2462
https://github.com/advisories/GHSA-5crp-9r3c-p9vr
https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678
https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr