VYPR
High severity7.8OSV Advisory· Published Jul 9, 2024· Updated Apr 15, 2026

CVE-2024-38517

CVE-2024-38517

Description

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Tencent/RapidjsonOSV2 versions
    v1.0-beta, v1.1.0+ 1 more
    • (no CPE)range: v1.0-beta, v1.1.0
    • (no CPE)

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.