CVE-2024-38517

EUVD-2024-37387
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker must send the victim a crafted file, which the victim then needs to open; parsing the file triggers the integer underflow, leading to elevation of privilege.
Wrap or Wraparound
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.8 HIGH | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| GitHub_M | CNA | 6.8 MEDIUM | LOCAL | LOW | NONE | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |

Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score
Percentile: 21%
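
Windows Releases

| Platform | Version |
|---|---|
| Windows 10 | 1607 (x64, x86) |
| Windows 10 | 1809 (x64, x86) |
| Windows 10 | 21H2 (arm64, x64, x86) |
| Windows 10 | 22H2 (arm64, x64, x86) |
| Windows 11 | 21H2 (arm64, x64) |
| Windows 11 | 22H2 (arm64, x64) |
| Windows 11 | 23H2 (arm64, x64) |
| Windows Server 2016 | Server Core |
| Windows Server 2016 | Standard |
| Windows Server 2019 | Server Core |
| Windows Server 2019 | Standard |
| Windows Server 2022 | 23H2 Server Core |
| Windows Server 2022 | Server Core |
| Windows Server 2022 | Standard |
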
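Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| rapidjson | bookworm | | no-dsa |
| rapidjson | bullseye | | postponed |
| rapidjson | forky | 1.1.0+dfsg2-7.6 | fixed |
| rapidjson | sid | 1.1.0+dfsg2-7.6 | fixed |
| rapidjson | trixie | 1.1.0+dfsg2-7.4 | fixed |
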
Ubuntu Releases

| Ubuntu Product | Codename | Fixed Version | Status |
|---|---|---|---|
| rapidjson | bionic | 1.1.0+dfsg2-3ubuntu0.1~esm1 | released |
| rapidjson | focal | 1.1.0+dfsg2-5ubuntu1+esm1 | released |
| rapidjson | jammy | 1.1.0+dfsg2-7ubuntu0.1~esm1 | released |
| rapidjson | mantic | | ignored |
| rapidjson | noble | 1.1.0+dfsg2-7.2ubuntu0.1~esm1 | released |
| rapidjson | oracular | 1.1.0+dfsg2-7.3ubuntu0.1 | released |
| rapidjson | plucky | | needs-triage |
| rapidjson | questing | | needs-triage |
| rapidjson | xenial | 0.12~git20141031-3ubuntu0.1~esm1 | released |