High severity7.8NVD Advisory· Published Jul 9, 2024· Updated Apr 15, 2026

CVE-2024-38517

Description

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.

Patches

8269bc2bc289

https://github.com/fmalita/rapidjsonvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/Tencent/rapidjson/pull/1261/commits/8269bc2bc289e9d343bae51cdf6d23ef0950e001nvd
github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001nvd
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38517nvd
security.netapp.com/advisory/ntap-20240905-0001/nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000