AZL-43245

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43245.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-43245

Upstream

CVE-2024-38517

Published

2024-07-09T19:15:12Z

Modified

2026-04-01T05:15:01.652268Z

Summary

CVE-2024-38517 affecting package rapidjson for versions less than 1.1.0-8

Details

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-38517

Affected packages

Azure Linux:3 / rapidjson

Package

Name: rapidjson
Purl: pkg:rpm/azure-linux/rapidjson

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.0-8

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43245.json"