CVE-2024-39684

Name
CVE-2024-39684
Description
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39684

Match rules

CPE URI Source package Min version Max version
rapidjson >= 0 <= 1.1.0
cpe:2.3:a:tencent:rapidjson:*:*:*:*:*:*:*:* rapidjson >= 0 <= 1.1.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
rapidjson edge-community 1.1.0-r5 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
rapidjson 3.20-community 1.1.0-r5 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable