High severity7.8NVD Advisory· Published Jul 9, 2024· Updated Apr 15, 2026

CVE-2024-39684

Description

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39684nvd
security.netapp.com/advisory/ntap-20240905-0003/nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000