{"id":"CVE-2024-38517","summary":"Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Underflow","details":"Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.","modified":"2026-04-16T04:43:44.336358095Z","published":"2024-07-09T18:51:50.563Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-191"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38517.json"},"references":[{"type":"WEB","url":"https://github.com/Tencent/rapidjson/pull/1261/commits/8269bc2bc289e9d343bae51cdf6d23ef0950e001"},{"type":"WEB","url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38517"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38517.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38517"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240905-0001/"},{"type":"FIX","url":"https://github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fmalita/rapidjson","events":[{"introduced":"0"},{"fixed":"8269bc2bc289e9d343bae51cdf6d23ef0950e001"}]},{"type":"GIT","repo":"https://github.com/fmalita/rapidjson","events":[{"introduced":"0"},{"fixed":"8269bc2bc289e9d343bae51cdf6d23ef0950e001"}]}],"versions":["v1.0-beta","v1.1.0"],"database_specific":{"vanir_signatures":[{"target":{"file":"include/rapidjson/reader.h"},"signature_version":"v1","source":"https://github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001","digest":{"line_hashes":["288425774745012461561310139886002627747","307373623926445788135965508129048585816","98501279309038937940885271199100634471","38645439629479861165110068569379553885","187750517275957864491405977602767129232","97245315838875392425966686568726114009","179086695166975398278890479785796356422"],"threshold":0.9},"signature_type":"Line","id":"CVE-2024-38517-32ba92c7","deprecated":false},{"target":{"file":"test/unittest/readertest.cpp"},"signature_version":"v1","source":"https://github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001","id":"CVE-2024-38517-346215dd","signature_type":"Line","digest":{"line_hashes":["313877681585030834460092347888774627812","45814912363862486302300808256811283134","34241869063326660220492092946571623922","237248175434065046011101851845313123553"],"threshold":0.9},"deprecated":false},{"target":{"file":"test/unittest/readertest.cpp","function":"TestParseDouble"},"signature_version":"v1","source":"https://github.com/fmalita/rapidjson/commit/8269bc2bc289e9d343bae51cdf6d23ef0950e001","id":"CVE-2024-38517-44fce472","signature_type":"Function","digest":{"length":8625,"function_hash":"243468763142092133153126455231348369043"},"deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38517.json","vanir_signatures_modified":"2026-04-12T09:00:30Z"}},{"ranges":[{"type":"GIT","repo":"https://github.com/tencent/rapidjson","events":[{"introduced":"0"},{"last_affected":"f54b0e47a08782a6131cc3d60f94d038fa6e0a51"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.1.0"}]}}],"versions":["v1.0-beta","v1.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38517.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}]}