Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.
History

Thu, 05 Sep 2024 08:30:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-09T18:51:50.563Z

Updated: 2024-09-05T08:03:35.926Z

Reserved: 2024-06-18T16:37:02.727Z

Link: CVE-2024-38517

cve-icon Vulnrichment

Updated: 2024-09-05T08:03:35.926Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-09T19:15:12.470

Modified: 2024-11-21T09:26:08.690

Link: CVE-2024-38517

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-09T00:00:00Z

Links: CVE-2024-38517 - Bugzilla