CVE-2024-38517

Published: 09 Jul 2024
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 7.8

Description

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.

| Release | Status | Note |
| --- | --- | --- |
| devel | needs-triage | |
| esm-apps/bionic | released | 1.1.0+dfsg2-3ubuntu0.1~esm1 |
| esm-apps/focal | released | 1.1.0+dfsg2-5ubuntu1+esm1 |
| esm-apps/jammy | released | 1.1.0+dfsg2-7ubuntu0.1~esm1 |
| esm-apps/noble | released | 1.1.0+dfsg2-7.2ubuntu0.1~esm1 |
| esm-apps/xenial | released | 0.12~git20141031-3ubuntu0.1~esm1 |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| mantic | ignored | end of life, was needs-triage |
| noble | needed | |
EPSS

Percentile: 18%
0.00057
Low

7.8 High

CVSS3

Related vulnerabilities

CVSS3: 7.8
redhat
12 months ago

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.

CVSS3: 7.8
nvd
12 months ago

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.

CVSS3: 7.8
msrc
12 months ago

Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability

CVSS3: 7.8
debian
12 months ago

Tencent RapidJSON is vulnerable to privilege escalation due to an inte ...

CVSS3: 7.8
fstec
about 1 year ago

Vulnerability in the GenericReader::ParseNumber() function of the RapidJSON library for processing JSON files in Windows operating systems, allowing an attacker to escalate their privileges