CVE-2024-39684

2024-07-0919:15:12

Debian Security Bug Tracker

security-tracker.debian.org

tencent rapidjson

privilege escalation

integer overflow

parsenumber function

json

stream

crafted file

elevation of privilege

unix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

JSON

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.

OSVersionArchitecturePackageVersionFilename
Debian12allrapidjson<= 1.1.0+dfsg2-7.1rapidjson_1.1.0+dfsg2-7.1_all.deb
Debian11allrapidjson<= 1.1.0+dfsg2-7rapidjson_1.1.0+dfsg2-7_all.deb
Debian999allrapidjson<= 1.1.0+dfsg2-7.3rapidjson_1.1.0+dfsg2-7.3_all.deb
Debian13allrapidjson<= 1.1.0+dfsg2-7.3rapidjson_1.1.0+dfsg2-7.3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	rapidjson	<= 1.1.0+dfsg2-7.1	rapidjson_1.1.0+dfsg2-7.1_all.deb
Debian	11	all	rapidjson	<= 1.1.0+dfsg2-7	rapidjson_1.1.0+dfsg2-7_all.deb
Debian	999	all	rapidjson	<= 1.1.0+dfsg2-7.3	rapidjson_1.1.0+dfsg2-7.3_all.deb
Debian	13	all	rapidjson	<= 1.1.0+dfsg2-7.3	rapidjson_1.1.0+dfsg2-7.3_all.deb