CVE-2024-38517

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Tencent/rapidjson/pull/1261/commits/8269bc2bc289e9d343bae51cdf6d23ef0950e001
https://github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38517
https://github.com/Tencent/rapidjson/pull/1261/commits/8269bc2bc289e9d343bae51cdf6d23ef0950e001
https://github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38517
https://security.netapp.com/advisory/ntap-20240905-0001/

Configurations

No configuration.

History

21 Nov 2024, 09:26

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240905-0001/ -
References	~~() https://github.com/Tencent/rapidjson/pull/1261/commits/8269bc2bc289e9d343bae51cdf6d23ef0950e001 -~~	() https://github.com/Tencent/rapidjson/pull/1261/commits/8269bc2bc289e9d343bae51cdf6d23ef0950e001 -
References	~~() https://github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001 -~~	() https://github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001 -
References	~~() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38517 -~~	() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38517 -

11 Jul 2024, 13:06

Type	Values Removed	Values Added
Summary		(es) Tencent RapidJSON es vulnerable a la escalada de privilegios debido a un desbordamiento insuficiente de enteros en la función `GenericReader::ParseNumber()` de `include/rapidjson/reader.h` al analizar texto JSON de una secuencia. Un atacante debe enviar a la víctima un archivo manipulado que debe abrirse; esto desencadena la vulnerabilidad de desbordamiento de enteros (cuando se analiza el archivo), lo que lleva a la elevación de privilegios.

09 Jul 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-09 19:15

Updated : 2024-11-21 09:26

NVD link : CVE-2024-38517

Mitre link : CVE-2024-38517

CVE.ORG link : CVE-2024-38517

JSON object : View

Products Affected

No product.

CWE

CWE-191

Integer Underflow (Wrap or Wraparound)

{"id": "CVE-2024-38517", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-07-09T19:15:12.470", "references": [{"url": "https://github.com/Tencent/rapidjson/pull/1261/commits/8269bc2bc289e9d343bae51cdf6d23ef0950e001", "source": "security-advisories@github.com"}, {"url": "https://github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001", "source": "security-advisories@github.com"}, {"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38517", "source": "security-advisories@github.com"}, {"url": "https://github.com/Tencent/rapidjson/pull/1261/commits/8269bc2bc289e9d343bae51cdf6d23ef0950e001", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38517", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240905-0001/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-191"}]}], "descriptions": [{"lang": "en", "value": "Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege."}, {"lang": "es", "value": "Tencent RapidJSON es vulnerable a la escalada de privilegios debido a un desbordamiento insuficiente de enteros en la funci\u00f3n `GenericReader::ParseNumber()` de `include/rapidjson/reader.h` al analizar texto JSON de una secuencia. Un atacante debe enviar a la v\u00edctima un archivo manipulado que debe abrirse; esto desencadena la vulnerabilidad de desbordamiento de enteros (cuando se analiza el archivo), lo que lleva a la elevaci\u00f3n de privilegios."}], "lastModified": "2024-11-21T09:26:08.690", "sourceIdentifier": "security-advisories@github.com"}

7.8 /10