
Fedora 39 Security Advisory: RapidJSON CVE-2024-38517 Integer Underflow

Date: July 19, 2024
The Fedora 39 rapidjson upgrade addresses CVE-2024-38517, an integer underflow in GenericReader::ParseNumber() reported as a privilege escalation risk.

Summary

RapidJSON is a fast JSON parser and generator for C++. It was inspired by RapidXml.

RapidJSON is small but complete. It supports both SAX and DOM style APIs. The SAX parser is only about five hundred lines of code.

RapidJSON is fast. Its performance can be comparable to strlen(). It also optionally supports SSE2/SSE4.1 for acceleration.

RapidJSON is self-contained. It does not depend on external libraries such as BOOST. It does not even depend on the STL.

RapidJSON is memory friendly. Each JSON value occupies exactly 16/20 bytes on most 32/64-bit machines (excluding text strings). By default it uses a fast memory allocator, and the parser allocates memory compactly during parsing.

RapidJSON is Unicode friendly. It supports UTF-8, UTF-16 and UTF-32 (LE & BE), and their detection, validation and transcoding internally. For example, you can read a UTF-8 file and let RapidJSON transcode the JSON strings into UTF-16 in the DOM. It also supports surrogates and "\u0000" (the null character).

JSON (JavaScript Object Notation) is a light-weight data exchange format. RapidJSON should be in full compliance with RFC 4627/ECMA-404.

Update Information:

Fix for CVE-2024-38517.

Change Log

* Wed Jul 10 2024 Tom Hughes - 1.1.0-41
  - Add patch for CVE-2024-38517 aka RHBZ#2296979
* Sun Feb 25 2024 Richard W.M. Jones - 1.1.0-28
  - Bump and rebuild package (for riscv64)
* Fri Jan 26 2024 Fedora Release Engineering - 1.1.0-27
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering - 1.1.0-26
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 18 2024 Tom Hughes - 1.1.0-25
  - Add upstream patches for improved gcc 14 and C++20 support
* Fri Jan 5 2024 Honza Horak - 1.1.0-24
  - SPDX migration
  - Add BSD license that is used by stdint.h and inttypes.h

References

[ 1 ] Bug #2296979 - CVE-2024-38517 rapidjson: privilege escalation via integer underflow in GenericReader::ParseNumber() [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2296979

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a3c1b2629e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
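Added here as a defender's post-update check, not part of the Fedora advisory or the rapidjson project: a POSIX shell script that decides whether an installed rapidjson build is at or past the fixed release 1.1.0-41 from this advisory (the .fc39 dist tag is ignored) and, when rpm is present, applies that check to every installed rapidjson* package. The rpm query format and the sample version strings in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the Fedora advisory or the rapidjson package):
# compare an installed rapidjson VERSION-RELEASE string against the fixed
# build 1.1.0-41 from FEDORA-2024-a3c1b2629e, then query the local RPM
# database for every rapidjson* package when rpm is available.

FIXED_VERSION="1.1.0"
FIXED_RELEASE="41"   # advisory release is 41.fc39; the dist tag is ignored

# Compare two dotted numeric strings segment by segment; prints -1, 0 or 1.
cmp_dotted() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        if [ "$a" = "$x" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$y" ]; then b=""; else b="${b#*.}"; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then printf '%s\n' -1; return; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# rapidjson_is_fixed VERSION-RELEASE  ->  exit 0 if >= 1.1.0-41, else 1.
rapidjson_is_fixed() {
    ver="${1%%-*}"                       # "1.1.0-41.fc39" -> "1.1.0"
    rel="${1#*-}"                        # -> "41.fc39"
    [ "$rel" = "$1" ] && rel="0"         # no release part given
    rel="${rel%%.*}"                     # drop ".fc39" -> "41"
    case "$(cmp_dotted "$ver" "$FIXED_VERSION")" in
        1)  return 0 ;;                  # newer upstream version
        -1) return 1 ;;                  # older upstream version
    esac
    [ "$(cmp_dotted "$rel" "$FIXED_RELEASE")" -ge 0 ]
}

# Live check of the RPM database; skipped where rpm is not installed.
check_installed_rapidjson() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found; live check skipped"; return 0; }
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'rapidjson*' |
    while read -r name vr; do
        if rapidjson_is_fixed "$vr"; then
            echo "$name $vr: includes the CVE-2024-38517 fix"
        else
            echo "$name $vr: VULNERABLE, apply FEDORA-2024-a3c1b2629e"
        fi
    done
}

check_installed_rapidjson
```

RapidJSON is a header-only library, so an application that was compiled against the old headers keeps the vulnerable parser until it is rebuilt; this script only reports on the packaged headers.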

Severity
important

Name: rapidjson
Product: Fedora 39
Version: 1.1.0
Release: 41.fc39
Summary: Fast JSON parser and generator for C++
