Mageia 9 MGASA-2024-0371: rapidjson integer underflow threat
mageia
November 27, 2024
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON...
Summary
Tencent RapidJSON is vulnerable to privilege escalation due to an
integer underflow in the `GenericReader::ParseNumber()` function of
`include/rapidjson/reader.h` when parsing JSON text from a stream. An
attacker needs to send the victim a crafted file which needs to be
opened; this triggers the integer underflow vulnerability (when the file
is parsed), leading to elevation of privilege. (CVE-2024-38517)
References
- https://bugs.mageia.org/show_bug.cgi?id=33803
- https://ubuntu.com/security/notices/USN-7125-1
- https://www.cve.org/CVERecord?id=CVE-2024-38517
Resolution
SRPMS
- 9/core/rapidjson-1.1.0-6.1.mga9
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 27 Nov 2024
URL: https://advisories.mageia.org/MGASA-2024-0371.html
Type: security
CVE: CVE-2024-38517
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!