Fedora 40: FEDORA-2024-fb1e912d0e Critical: rapidjson Integer Underflow

Date: July 19, 2024
Resolves a privilege elevation vulnerability in rapidjson for Fedora 40 users. Critical security update.
Fix for CVE-2024-38517.

Summary

RapidJSON is a fast JSON parser and generator for C++. It was inspired by RapidXml.

RapidJSON is small but complete. It supports both SAX and DOM style API. The SAX parser is only a half thousand lines of code.

RapidJSON is fast. Its performance can be comparable to strlen(). It also optionally supports SSE2/SSE4.1 for acceleration.

RapidJSON is self-contained. It does not depend on external libraries such as BOOST. It does not even depend on the STL.

RapidJSON is memory friendly. Each JSON value occupies exactly 16/20 bytes for most 32/64-bit machines (excluding text string). By default it uses a fast memory allocator, and the parser allocates memory compactly during parsing.

RapidJSON is Unicode friendly. It supports UTF-8, UTF-16, UTF-32 (LE & BE), and their detection, validation and transcoding internally. For example, you can read a UTF-8 file and let RapidJSON transcode the JSON strings into UTF-16 in the DOM. It also supports surrogates and "\u0000" (null character).

JSON (JavaScript Object Notation) is a light-weight data exchange format. RapidJSON should be in full compliance with RFC4627/ECMA-404.

Update Information:

Fix for CVE-2024-38517.

Change Log

* Wed Jul 10 2024 Tom Hughes - 1.1.0-41
- Add patch for CVE-2024-38517 aka RHBZ#2296979
* Sun Feb 25 2024 Richard W.M. Jones - 1.1.0-28
- Bump and rebuild package (for riscv64)

References

[1] Bug #2296979 - CVE-2024-38517 rapidjson: privilege escalation via integer underflow in GenericReader::ParseNumber() [fedora-all] - https://bugzilla.redhat.com/show_bug.cgi?id=2296979

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-fb1e912d0e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
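As an added check that is not part of the advisory, the POSIX shell script below decides whether an installed rapidjson build is older than the fixed build named here (1.1.0-41.fc40). It assumes the input is an NVR string of the form `rpm -q` prints (for example for the rapidjson-devel subpackage) and that version segments are numeric; the sample NVRs are constructed, not output from a real host.

```shell
#!/bin/sh
# Fixed build from the advisory FEDORA-2024-fb1e912d0e: rapidjson 1.1.0-41.fc40.
FIXED_VERSION="1.1.0"
FIXED_RELEASE="41"   # numeric part of the release "41.fc40"

# Split "rapidjson-devel-1.1.0-41.fc40.x86_64" into "VERSION RELEASE_NUMBER".
split_nvr() {
  nvr=$1
  rel=${nvr##*-}          # "41.fc40.x86_64"
  rest=${nvr%-*}          # "rapidjson-devel-1.1.0"
  ver=${rest##*-}         # "1.1.0"
  relnum=${rel%%.*}       # "41"
  printf '%s %s\n' "$ver" "$relnum"
}

# Compare two dotted numeric versions segment by segment; prints -1, 0 or 1.
cmp_dotted() {
  a=$1 b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    [ -z "$x" ] && x=0
    [ -z "$y" ] && y=0
    if [ "$x" -lt "$y" ]; then echo -1; return; fi
    if [ "$x" -gt "$y" ]; then echo 1; return; fi
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  echo 0
}

# Returns 0 (true) when the given NVR predates the fixed build, 1 otherwise.
is_vulnerable_build() {
  set -- $(split_nvr "$1")
  ver=$1 relnum=$2
  case $(cmp_dotted "$ver" "$FIXED_VERSION") in
    -1) return 0 ;;
     1) return 1 ;;
  esac
  [ "$relnum" -lt "$FIXED_RELEASE" ]
}

# Constructed sample NVRs; on a live system use "$(rpm -q rapidjson-devel)".
for nvr in rapidjson-devel-1.1.0-28.fc40.x86_64 rapidjson-devel-1.1.0-41.fc40.x86_64; do
  if is_vulnerable_build "$nvr"; then
    echo "$nvr: older than the fixed build, apply FEDORA-2024-fb1e912d0e"
  else
    echo "$nvr: at or past the fixed build"
  fi
done
```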

Severity: critical

Name: rapidjson
Product: Fedora 40
Version: 1.1.0
Release: 41.fc40
Summary: Fast JSON parser and generator for C++
