Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-39684

Опубликовано: 09 июл. 2024
Источник: redhat
CVSS3: 7.8

Описание

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.

A flaw was found in the RapidJSON package. This flaw allows a local attacker to trigger an integer overflow via a specially crafted file, possibly leading to the escalation of privileges.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Openshift Data Foundation 4odf4/mcg-core-rhel8Affected
Red Hat OpenStack Platform 17.1leathermanWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2296855rapidjson: pivilege escalation via integer overflow in GenericReader::ParseNumber()

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-39684

CVSS3: 7.8
ubuntu
12 месяцев назад

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.

nvd логотип

CVE-2024-39684

CVSS3: 7.8
nvd
12 месяцев назад

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.

msrc логотип

CVE-2024-39684

CVSS3: 7.8
msrc
12 месяцев назад

Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability

debian логотип

CVE-2024-39684

CVSS3: 7.8
debian
12 месяцев назад

Tencent RapidJSON is vulnerable to privilege escalation due to an inte ...

fstec логотип

BDU:2024-06230

CVSS3: 7.8
fstec
12 месяцев назад

Уязвимость функции GenericReader::ParseNumber() библиотеки для обработки JSON-файлов RapidJSON операционных систем Windows, позволяющая нарушителю повысить свои привилегии

7.8 High

CVSS3