CVE-2024-38517

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker must send the victim a crafted file, which the victim must then open; parsing the file triggers the integer underflow, leading to elevation of privilege.
Wrap or Wraparound
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 7.8 HIGH | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
GitHub_M | CNA | 6.8 MEDIUM | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CISA-ADP | ADP | --- | ---
CVE | ADP | --- | ---
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score percentile: 17%
Debian Releases
Debian Product | Codename | Version | Status
rapidjson | bullseye | | postponed
rapidjson | bookworm | | no-dsa
rapidjson | sid | 1.1.0+dfsg2-7.4 | fixed
rapidjson | trixie | 1.1.0+dfsg2-7.4 | fixed
Ubuntu Releases
Ubuntu Product | Codename | Version | Status
rapidjson | plucky | | needs-triage
rapidjson | oracular | Fixed 1.1.0+dfsg2-7.3ubuntu0.1 | released
rapidjson | noble | Fixed 1.1.0+dfsg2-7.2ubuntu0.1~esm1 | released
rapidjson | mantic | | ignored
rapidjson | jammy | Fixed 1.1.0+dfsg2-7ubuntu0.1~esm1 | released
rapidjson | focal | Fixed 1.1.0+dfsg2-5ubuntu1+esm1 | released
rapidjson | bionic | Fixed 1.1.0+dfsg2-3ubuntu0.1~esm1 | released
rapidjson | xenial | Fixed 0.12~git20141031-3ubuntu0.1~esm1 | released