CVE-2024-38525

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38525

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38525.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-38525

Related

GHSA-rf3p-mg22-qv6w

Published

2024-06-28T22:15:02Z

Modified

2025-05-24T03:39:15.697458Z

Summary

[none]

Details

dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2.

References

Affected packages

Git / github.com/datadog/dd-trace-cpp

Affected ranges

Type: GIT
Repo: https://github.com/datadog/dd-trace-cpp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

26e666f995d8d214e6d3c3d7a35342f8c544c008

Fixed

26e666f995d8d214e6d3c3d7a35342f8c544c008

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.10

v0.1.11

v0.1.12

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.2.0

v0.2.1