Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-39684

Опубликовано: 09 июл. 2024
Источник: debian
EPSS Низкий

Описание

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
rapidjsonunfixedpackage
rapidjsonpostponedtrixiepackage
rapidjsonpostponedbookwormpackage
rapidjsonpostponedbullseyepackage

Примечания

  • https://github.com/Tencent/rapidjson/issues/2289

EPSS

Процентиль: 16%
0.00051
Низкий

Связанные уязвимости

CVSS3: 7.8
ubuntu
около 1 года назад

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.

CVSS3: 7.8
redhat
около 1 года назад

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.

CVSS3: 7.8
nvd
около 1 года назад

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.

CVSS3: 7.8
msrc
около 1 года назад

Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability

CVSS3: 7.8
fstec
около 1 года назад

Уязвимость функции GenericReader::ParseNumber() библиотеки для обработки JSON-файлов RapidJSON операционных систем Windows, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 16%
0.00051
Низкий